![]() This could allow an unauthenticated remote attacker to rename and move files as a SYSTEM user.ĬVE-2022-43513 has been assigned to this vulnerability. The affected components allow the renaming of license files with user input without authentication. Automation License Manager V6: All versions prior to V6.0 SP9 Upd4ģ.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73.Automation License Manager V5: All versions.The following software from Siemens is affected: Successful exploitation of these vulnerabilities could allow an attacker to modify and rename license files, extract licenses, and overwrite arbitrary files on the target system, potentially leading to privilege escalation and remote code execution. ![]() ![]() Vulnerabilities: External Control of File Name or Path, Path Traversal.Equipment: Automation License Manager (ALM).ATTENTION: Exploitable remotely/low attack complexity.For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). ![]() As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |