Search criteria
3 vulnerabilities found for xpedition_designer by siemens
FKIE_CVE-2022-31465
Vulnerability from fkie_nvd - Published: 2022-06-14 10:15 - Updated: 2024-11-21 07:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | xpedition_designer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:xpedition_designer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9637EAEF-B8C5-4FAB-A104-61972CBE4A2F",
"versionEndExcluding": "vx.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions \u003c VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions \u003c VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions \u003c VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions \u003c VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Xpedition Designer (Todas las versiones anteriores a VX.2.11). La aplicaci\u00f3n afectada asigna derechos de acceso inapropiados al ejecutable del servicio. Esto podr\u00eda permitir a un atacante local autenticado inyectar c\u00f3digo arbitrario y escalar privilegios"
}
],
"id": "CVE-2022-31465",
"lastModified": "2024-11-21T07:04:30.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T10:15:20.547",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-31465 (GCVE-0-2022-31465)
Vulnerability from cvelistv5 – Published: 2022-06-14 09:21 – Updated: 2025-04-21 13:53
VLAI?
Summary
A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Xpedition Designer VX.2.10 |
Affected:
All versions < VX.2.10 Update 13
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:23:30.969753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:53:02.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.10 Update 13"
}
]
},
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.11",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.11 Update 11"
}
]
},
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.12 Update 5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.13",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.13 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions \u003c VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions \u003c VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions \u003c VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions \u003c VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:16:46.785Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31465",
"datePublished": "2022-06-14T09:21:56.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:53:02.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31465 (GCVE-0-2022-31465)
Vulnerability from nvd – Published: 2022-06-14 09:21 – Updated: 2025-04-21 13:53
VLAI?
Summary
A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Xpedition Designer VX.2.10 |
Affected:
All versions < VX.2.10 Update 13
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:23:30.969753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:53:02.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.10 Update 13"
}
]
},
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.11",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.11 Update 11"
}
]
},
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.12 Update 5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Xpedition Designer VX.2.13",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c VX.2.13 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions \u003c VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions \u003c VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions \u003c VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions \u003c VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:16:46.785Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31465",
"datePublished": "2022-06-14T09:21:56.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:53:02.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}