A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). Under certain circumstances, the affected component allows custom arguments to be injected into the Ultralight Client backend application.
This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker-chosen panels with the attacker's credentials or start a Ctrl script).
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf | Patch, Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2022-12-13T00:00:00
Updated: 2023-01-10T11:39:40.956Z
Reserved: 2022-11-04T00:00:00
Link: CVE-2022-44731
NVD Information
Status: Modified
Published: 2022-12-13T16:15:24.543
Modified: 2023-11-07T03:54:25.723
Link: CVE-2022-44731
CWE