CVE-2022-31465

Summary

A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Affected Software

VendorProductVersion RangeStatus
SiemensXpedition Designer VX.2.10All versions < VX.2.10 Update 13affected
SiemensXpedition Designer VX.2.11All versions < VX.2.11 Update 11affected
SiemensXpedition Designer VX.2.12All versions < VX.2.12 Update 5affected
SiemensXpedition Designer VX.2.13All versions < VX.2.13 Update 1affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References