Multiple vulnerabilities in Siemens Automation License Manager

Published: 2023-01-11 | Updated: 2023-01-12

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2022-43513 CVE-2022-43514
CWE-ID	CWE-73 CWE-22
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Siemens Automation License Manager Server applications / SCADA systems
Vendor	Siemens

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) External Control of File Name or Path

EUVDB-ID: #VU71086

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43513

CWE-ID: CWE-73 - External Control of File Name or Path

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to application allows an attacker to control path of the files to rename. A remote attacker can rename and move files as SYSTEM user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Siemens Automation License Manager: 5.0 - 6.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdficsa-23-012-10

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU71087

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43514

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')