CVE-2022-44731
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 14:01
Summary
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC OA V3.15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.15 P038"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC OA V3.16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.16 P035"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC OA V3.17",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.17 P024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC OA V3.18",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.18 P014"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions \u003c V3.15 P038), SIMATIC WinCC OA V3.16 (All versions \u003c V3.16 P035), SIMATIC WinCC OA V3.17 (All versions \u003c V3.17 P024), SIMATIC WinCC OA V3.18 (All versions \u003c V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker\u0027s credentials or start a Ctrl script)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-88",
              "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-10T11:39:40.956Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-44731",
    "datePublished": "2022-12-13T00:00:00",
    "dateReserved": "2022-11-04T00:00:00",
    "dateUpdated": "2024-08-03T14:01:31.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-44731\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2022-12-13T16:15:24.543\",\"lastModified\":\"2023-11-07T03:54:25.723\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions \u003c V3.15 P038), SIMATIC WinCC OA V3.16 (All versions \u003c V3.16 P035), SIMATIC WinCC OA V3.17 (All versions \u003c V3.17 P024), SIMATIC WinCC OA V3.18 (All versions \u003c V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances.\\r\\n\\r\\nThis could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker\u0027s credentials or start a Ctrl script).\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en: \\nSIMATIC WinCC OA V3.15 (todas las versiones \u0026lt; V3.15 P038), \\nSIMATIC WinCC OA V3.16 (todas las versiones \u0026lt; V3.16 P035), \\nSIMATIC WinCC OA V3.17 (todas las versiones \u0026lt; ; V3.17 P024), \\nSIMATIC WinCC OA V3.18 (Todas las versiones \u0026lt; V3.18 P014). \\nEl componente afectado permite inyectar argumentos personalizados a la aplicaci\u00f3n backend de Ultralight Client en determinadas circunstancias. Esto podr\u00eda permitir a un atacante remoto autenticado inyectar par\u00e1metros arbitrarios al iniciar el cliente a trav\u00e9s de la interfaz web (por ejemplo, abrir paneles elegidos por el atacante con las credenciales del atacante o iniciar un script Ctrl).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_oa:3.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AC64598-94B9-458C-83AD-53A5FC96D029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_oa:3.16:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB4989E4-7551-47FB-A718-C337FF4FE1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"305D0C1C-16AF-4011-B449-F266FFA6FA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2832A89E-57BE-4BB2-94AC-17DC3CFD91FA\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.