BDU:2022-04368

CVE-2022-23448

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.

GHSA-5hqf-83pf-c8gv

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.

BDU:2022-04690

Уязвимость программного средства системы энергоменеджмента SIMATIC Energy Manager Basic и SIMATIC Energy Manager PRO, связанная с неправильным назначением разрешений для файлов и каталогов, позволяющая нарушителю повысить свои привилегии или выполнить произвольный код