First published: Tue Jun 14 2022(Updated: )
A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Xpedition Designer | <vx.2.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-31465.
The severity of CVE-2022-31465 is high, with a score of 7.8.
Xpedition Designer versions < VX.2.10 Update 13, < VX.2.11 Update 11, < VX.2.12 Update 5, and < VX.2.13 Update 1 are affected by CVE-2022-31465.
To fix CVE-2022-31465, users should update their Xpedition Designer software to VX.2.10 Update 13, VX.2.11 Update 11, VX.2.12 Update 5, or VX.2.13 Update 1.
More information about CVE-2022-31465 can be found at the following reference link: [Siemens Xpedition Designer Security Advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf).