Simatic WinCC OA <V3.18 P014 Auth Remote Arg Injection in Ultralight Client
CVE-2022-44731 Published on December 13, 2022
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).
Weakness Type
What is an Argument Injection Vulnerability?
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CVE-2022-44731 has been classified to as an Argument Injection vulnerability or weakness.
Products Associated with CVE-2022-44731
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-44731 are published in Siemens Simatic Wincc Oa:
Affected Versions
Siemens SIMATIC WinCC OA V3.15:- Version All versions < V3.15 P038 is affected.
- Version All versions < V3.16 P035 is affected.
- Version All versions < V3.17 P024 is affected.
- Version All versions < V3.18 P014 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.