CVE-2022-43513
First published: Tue Jan 10 2023(Updated: )
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Automation License Manager | =5.0.0 | |
| Siemens Automation License Manager | =5.1 | |
| Siemens Automation License Manager | =5.1-sp1 | |
| Siemens Automation License Manager | =5.2 | |
| Siemens Automation License Manager | =5.3 | |
| Siemens Automation License Manager | =5.3-sp3 | |
| Siemens Automation License Manager | =5.3.4.4 | |
| Siemens Automation License Manager | =6.0 | |
| Siemens Automation License Manager | =6.0.1 | |
| Siemens Automation License Manager | =6.0.8 | |
| Siemens Automation License Manager | =6.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-43513?
The severity of CVE-2022-43513 is high with a severity value of 7.5.
What is the affected software for CVE-2022-43513?
The affected software for CVE-2022-43513 is Siemens Automation License Manager versions 5.0.0, 5.1, 5.1-sp1, 5.2, 5.3, 5.3-sp3, 5.3.4.4, 6.0, 6.0.1, 6.0.8, and 6.0.9.
How can an unauthenticated remote attacker exploit CVE-2022-43513?
An unauthenticated remote attacker can exploit CVE-2022-43513 by renaming license files with user chosen input without authentication.
Is authentication required for exploiting CVE-2022-43513?
No, authentication is not required for exploiting CVE-2022-43513.
Where can I find more information about CVE-2022-43513?
More information about CVE-2022-43513 can be found at the following reference: https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/siemens
- canonical/siemens automation license manager
- version/siemens automation license manager/5.0.0
- version/siemens automation license manager/5.1
- version/siemens automation license manager/5.1-sp1
- version/siemens automation license manager/5.2
- version/siemens automation license manager/5.3
- version/siemens automation license manager/5.3-sp3
- version/siemens automation license manager/5.3.4.4
- version/siemens automation license manager/6.0
- version/siemens automation license manager/6.0.1
- version/siemens automation license manager/6.0.8
- version/siemens automation license manager/6.0.9