CVE-2022-44731

Summary

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances.

This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC WinCC OA V3.15All versions < V3.15 P038affected
SiemensSIMATIC WinCC OA V3.16All versions < V3.16 P035affected
SiemensSIMATIC WinCC OA V3.17All versions < V3.17 P024affected
SiemensSIMATIC WinCC OA V3.18All versions < V3.18 P014affected

Weaknesses

  • CWE-88: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References