Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Xpedition Designer VX.2.13 by Siemens

    CVE-2022-31465 (GCVE-0-2022-31465)

    Vulnerability from nvd – Published: 2022-06-14 09:21 – Updated: 2025-04-21 13:53
    VLAI
    Summary
    A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Xpedition Designer VX.2.10 Affected: All versions < VX.2.10 Update 13
    Create a notification for this product.
    Siemens Xpedition Designer VX.2.11 Affected: All versions < VX.2.11 Update 11
    Create a notification for this product.
    Siemens Xpedition Designer VX.2.12 Affected: All versions < VX.2.12 Update 5
    Create a notification for this product.
    Siemens Xpedition Designer VX.2.13 Affected: All versions < VX.2.13 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:19:05.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T15:23:30.969753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-21T13:53:02.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.10",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.10 Update 13"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.11",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.11 Update 11"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.12",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.12 Update 5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.13",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.13 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions \u003c VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions \u003c VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions \u003c VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions \u003c VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T08:16:46.785Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-31465",
        "datePublished": "2022-06-14T09:21:56.000Z",
        "dateReserved": "2022-05-23T00:00:00.000Z",
        "dateUpdated": "2025-04-21T13:53:02.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31465 (GCVE-0-2022-31465)

    Vulnerability from cvelistv5 – Published: 2022-06-14 09:21 – Updated: 2025-04-21 13:53
    VLAI
    Summary
    A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Xpedition Designer VX.2.10 Affected: All versions < VX.2.10 Update 13
    Create a notification for this product.
    Siemens Xpedition Designer VX.2.11 Affected: All versions < VX.2.11 Update 11
    Create a notification for this product.
    Siemens Xpedition Designer VX.2.12 Affected: All versions < VX.2.12 Update 5
    Create a notification for this product.
    Siemens Xpedition Designer VX.2.13 Affected: All versions < VX.2.13 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:19:05.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T15:23:30.969753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-21T13:53:02.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.10",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.10 Update 13"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.11",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.11 Update 11"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.12",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.12 Update 5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Xpedition Designer VX.2.13",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c VX.2.13 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions \u003c VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions \u003c VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions \u003c VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions \u003c VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T08:16:46.785Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-31465",
        "datePublished": "2022-06-14T09:21:56.000Z",
        "dateReserved": "2022-05-23T00:00:00.000Z",
        "dateUpdated": "2025-04-21T13:53:02.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }