CVE-2022-35868

Summary

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

Affected Software

VendorProductVersion RangeStatus
SiemensTIA Multiuser Server V140 < *affected
SiemensTIA Multiuser Server V15All versions < V15.1 Update 8affected
SiemensTIA Project-ServerAll versions < V1.1affected
SiemensTIA Project-Server V160 < *affected
SiemensTIA Project-Server V17All versions < V17 Update 6affected

Weaknesses

  • CWE-426: CWE-426: Untrusted Search Path

ADP Enrichment

CVE Program Container

Additional References

References