Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.

Published

2023-01-10T12:15:23.207

Last Modified

2024-11-21T07:26:40.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-73
Type: Primary
CWE-610

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	automation_license_manager	5.0.0	Yes
Application	siemens	automation_license_manager	5.1	Yes
Application	siemens	automation_license_manager	5.1	Yes
Application	siemens	automation_license_manager	5.2	Yes
Application	siemens	automation_license_manager	5.3	Yes
Application	siemens	automation_license_manager	5.3	Yes
Application	siemens	automation_license_manager	5.3.4.4	Yes
Application	siemens	automation_license_manager	6.0	Yes
Application	siemens	automation_license_manager	6.0.1	Yes
Application	siemens	automation_license_manager	6.0.8	Yes
Application	siemens	automation_license_manager	6.0.9	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-476715.html ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-556635.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-476715.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/html/ssa-556635.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)