Description
A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Siemens / TIA Multiuser Server V140 – *
- Siemens / TIA Multiuser Server V15All versions < V15.1 Update 8 – All versions < V15.1 Update 8
- Siemens / TIA Project-ServerAll versions < V1.1 – All versions < V1.1
- Siemens / TIA Project-Server V160 – *
- Siemens / TIA Project-Server V17All versions < V17 Update 6 – All versions < V17 Update 6