Vulnerability Details CVE-2022-23448
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2022-23448
-
cpe:2.3:a:siemens:simatic_energy_manager_basic:*
-
cpe:2.3:a:siemens:simatic_energy_manager_basic:7.3
-
cpe:2.3:a:siemens:simatic_energy_manager_pro:*
-
cpe:2.3:a:siemens:simatic_energy_manager_pro:7.3