Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22042

A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

Published

2024-02-13T09:15:47.157

Last Modified

2024-12-16T15:02:32.453

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-648
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	unicam_fx	-	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-543502.html Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-543502.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)