A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances.
This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2022-12-13T00:00:00
Updated: 2024-08-03T14:01:31.331Z
Reserved: 2022-11-04T00:00:00
Link: CVE-2022-44731
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-13T16:15:24.543
Modified: 2024-11-21T07:28:23.160
Link: CVE-2022-44731
Redhat
No data.