FKIE_CVE-2022-44731

Vulnerability from fkie_nvd - Published: 2022-12-13 16:15 - Updated: 2024-11-21 07:28
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdfPatch, Vendor Advisory
Impacted products
Vendor Product Version
siemens simatic_wincc_oa 3.15
siemens simatic_wincc_oa 3.16
siemens simatic_wincc_oa 3.17
siemens simatic_wincc_oa 3.18
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_oa:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC64598-94B9-458C-83AD-53A5FC96D029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_oa:3.16:-:*:*:*:*:*:*",
              "matchCriteriaId": "FB4989E4-7551-47FB-A718-C337FF4FE1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:*",
              "matchCriteriaId": "305D0C1C-16AF-4011-B449-F266FFA6FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:*",
              "matchCriteriaId": "2832A89E-57BE-4BB2-94AC-17DC3CFD91FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions \u003c V3.15 P038), SIMATIC WinCC OA V3.16 (All versions \u003c V3.16 P035), SIMATIC WinCC OA V3.17 (All versions \u003c V3.17 P024), SIMATIC WinCC OA V3.18 (All versions \u003c V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker\u0027s credentials or start a Ctrl script)."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en: \nSIMATIC WinCC OA V3.15 (todas las versiones \u0026lt; V3.15 P038), \nSIMATIC WinCC OA V3.16 (todas las versiones \u0026lt; V3.16 P035), \nSIMATIC WinCC OA V3.17 (todas las versiones \u0026lt; ; V3.17 P024), \nSIMATIC WinCC OA V3.18 (Todas las versiones \u0026lt; V3.18 P014). \nEl componente afectado permite inyectar argumentos personalizados a la aplicaci\u00f3n backend de Ultralight Client en determinadas circunstancias. Esto podr\u00eda permitir a un atacante remoto autenticado inyectar par\u00e1metros arbitrarios al iniciar el cliente a trav\u00e9s de la interfaz web (por ejemplo, abrir paneles elegidos por el atacante con las credenciales del atacante o iniciar un script Ctrl)."
    }
  ],
  "id": "CVE-2022-44731",
  "lastModified": "2024-11-21T07:28:23.160",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-13T16:15:24.543",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.