Rewterz Threat Advisory – ICS: Multiple Siemens Solid Edge Vulnerabilities
February 16, 2023
Rewterz Threat Alert – North Korean Threat Actor Group APT37 Targeting Southern Counterpart – Active IOCs
February 16, 2023
Severity
Medium
Analysis Summary
CVE-2022-35868
Siemens TIA Multiuser Server and Siemens TIA Project-Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an untrusted search path vulnerability. By persuading a victim to start the service from an attacker-controlled path, an attacker could exploit this vulnerability to gain elevated privileges on the system.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-35868
Affected Vendors
Siemens
Affected Products
- Siemens TIA Multiuser Server V14
- Siemens TIA Multiuser Server V15 15.1 Update 6
- Siemens TIA Multiuser Server V15 15.1 Update 7
- Siemens TIA Project-Server 1.0
- Siemens TIA Project-Server V16
- Siemens TIA Project-Server V17
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.