The vulnerabilities of the OPC UA server software of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO systems, as well as the SIMATIC IPC DiagBase micro-programming device, and the SIMIT simulation modeling software, allow a malicious actor to trigger maintenance failures.

The vulnerability of the OPC UA server of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO systems, as well as the SIMATIC IPC DiagBase micro-programming device, and the SIMIT simulation software, is related to improper management of sequential memory distribution. Exploiting this...

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions for files and directories, which allows a perpetrator to increase their privileges or execute arbitrary code.

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions for files and directories. Exploiting this vulnerability can allow an attacker to increase their privileges or execute arbitrary code...

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process for DLL libraries. This allows a hacker to execute arbitrary code.

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process when libraries of DLL files are loaded. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the ability to restore unreliable data in memory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the ability to restore unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions to critical resources, allowing a perpetrator to execute arbitrary code.

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in the improper assignment of permissions for a critical resource. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2022-23448

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local...

CVE-2022-23449

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the...

CVE-2022-23450

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the...

CVE-2022-23449

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the...

Path traversal

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the...

CVE-2022-23449

Siemens SIMATIC Energy Manager Basic (all versions < 7.3 Update 1) and PRO (all versions

CVE-2022-23448

CVE-2022-23448 affects Siemens SIMATIC Energy Manager Basic (all versions < v7.3 Update 1) and SIMATIC Energy Manager PRO (all versions