A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.
[
{
"product": "SIMATIC Energy Manager Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V7.3 Update 1"
}
]
},
{
"product": "SIMATIC Energy Manager PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V7.3 Update 1"
}
]
}
]