Lucene search

SiemensCVELIST:CVE-2024-22042

HistoryFeb 13, 2024 - 9:00 a.m.

CVE-2024-22042

2024-02-1309:00:06

CWE-648

siemens

www.cve.org

unicam fx

windows installer

privileged apis

local privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Unicam FX",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-543502.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-22042