First published: Tue Jan 10 2023
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), and TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow license files to be renamed with user-chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as the SYSTEM user.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Automation License Manager | =5.0.0 | |
Siemens Automation License Manager | =5.1 | |
Siemens Automation License Manager | =5.1-sp1 | |
Siemens Automation License Manager | =5.2 | |
Siemens Automation License Manager | =5.3 | |
Siemens Automation License Manager | =5.3-sp3 | |
Siemens Automation License Manager | =5.3.4.4 | |
Siemens Automation License Manager | =6.0 | |
Siemens Automation License Manager | =6.0.1 | |
Siemens Automation License Manager | =6.0.8 | |
Siemens Automation License Manager | =6.0.9 | |
The severity of CVE-2022-43513 is high with a severity value of 7.5.
The affected software for CVE-2022-43513 is Siemens Automation License Manager versions 5.0.0, 5.1, 5.1-sp1, 5.2, 5.3, 5.3-sp3, 5.3.4.4, 6.0, 6.0.1, 6.0.8, and 6.0.9.
An unauthenticated remote attacker can exploit CVE-2022-43513 by renaming license files with user-chosen input without authentication.
No, authentication is not required for exploiting CVE-2022-43513.
More information about CVE-2022-43513 can be found at the following reference: https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf