Multiple vulnerabilities in Siemens SIMATIC Energy Manager
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-23448 CVE-2022-23449 CVE-2022-23450 |
| CWE-ID | CWE-732 CWE-427 CWE-502 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SIMATIC Energy Manager Basic Other software / Other software solutions SIMATIC Energy Manager PRO Other software / Other software solutions |
| Vendor |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Incorrect permission assignment for critical resource
EUVDB-ID: #VU62387
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23448
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the affected application assigns permissions to critical directories and files used by the application processes. A local user can execute arbitrary code on the system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC Energy Manager Basic: before 7.3 Update 1
SIMATIC Energy Manager PRO: before 7.3 Update 1
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insecure DLL loading
EUVDB-ID: #VU62388
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23449
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file and execute arbitrary code on victim's system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC Energy Manager PRO: before 7.3 Update 1
SIMATIC Energy Manager Basic: before 7.3 Update 1
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Deserialization of Untrusted Data
EUVDB-ID: #VU62389
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23450
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC Energy Manager PRO: before 7.3 Update 1
SIMATIC Energy Manager Basic: before 7.3 Update 1
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
