cnvd - cnvd-2023-02704

cnvd-2023-02704

Vulnerability from cnvd

Title: Siemens Automation License Manager路径遍历漏洞

Description:

Automation License Manager（ALM）集中管理各种西门子软件产品的许可证密钥。需要许可证密钥的软件产品会自动向ALM报告此要求。当ALM找到此软件的有效许可证密钥时，可以根据最终用户许可协议使用该软件。

Siemens Automation License Manager存在路径遍历漏洞，未经身份验证的远程攻击者可利用该漏洞对指定根文件夹之外的文件执行文件操作。

Severity: 高

Patch Name: Siemens Automation License Manager路径遍历漏洞的补丁

Patch Description:

Siemens Automation License Manager存在路径遍历漏洞，未经身份验证的远程攻击者可利用该漏洞对指定根文件夹之外的文件执行文件操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://cert-portal.siemens.com/productcert/html/ssa-476715.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-476715.html

Impacted products

Name
['Siemens Automation License Manager 5', 'Siemens Automation License Manager 6 <6.0 SP9 Upd4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-43514"
    }
  },
  "description": "Automation License Manager\uff08ALM\uff09\u96c6\u4e2d\u7ba1\u7406\u5404\u79cd\u897f\u95e8\u5b50\u8f6f\u4ef6\u4ea7\u54c1\u7684\u8bb8\u53ef\u8bc1\u5bc6\u94a5\u3002\u9700\u8981\u8bb8\u53ef\u8bc1\u5bc6\u94a5\u7684\u8f6f\u4ef6\u4ea7\u54c1\u4f1a\u81ea\u52a8\u5411ALM\u62a5\u544a\u6b64\u8981\u6c42\u3002\u5f53ALM\u627e\u5230\u6b64\u8f6f\u4ef6\u7684\u6709\u6548\u8bb8\u53ef\u8bc1\u5bc6\u94a5\u65f6\uff0c\u53ef\u4ee5\u6839\u636e\u6700\u7ec8\u7528\u6237\u8bb8\u53ef\u534f\u8bae\u4f7f\u7528\u8be5\u8f6f\u4ef6\u3002\n\nSiemens Automation License Manager\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u6307\u5b9a\u6839\u6587\u4ef6\u5939\u4e4b\u5916\u7684\u6587\u4ef6\u6267\u884c\u6587\u4ef6\u64cd\u4f5c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-476715.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-02704",
  "openTime": "2023-01-13",
  "patchDescription": "Automation License Manager\uff08ALM\uff09\u96c6\u4e2d\u7ba1\u7406\u5404\u79cd\u897f\u95e8\u5b50\u8f6f\u4ef6\u4ea7\u54c1\u7684\u8bb8\u53ef\u8bc1\u5bc6\u94a5\u3002\u9700\u8981\u8bb8\u53ef\u8bc1\u5bc6\u94a5\u7684\u8f6f\u4ef6\u4ea7\u54c1\u4f1a\u81ea\u52a8\u5411ALM\u62a5\u544a\u6b64\u8981\u6c42\u3002\u5f53ALM\u627e\u5230\u6b64\u8f6f\u4ef6\u7684\u6709\u6548\u8bb8\u53ef\u8bc1\u5bc6\u94a5\u65f6\uff0c\u53ef\u4ee5\u6839\u636e\u6700\u7ec8\u7528\u6237\u8bb8\u53ef\u534f\u8bae\u4f7f\u7528\u8be5\u8f6f\u4ef6\u3002\r\n\r\nSiemens Automation License Manager\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u6307\u5b9a\u6839\u6587\u4ef6\u5939\u4e4b\u5916\u7684\u6587\u4ef6\u6267\u884c\u6587\u4ef6\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Automation License Manager\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens Automation License Manager 5",
      "Siemens Automation License Manager 6 \u003c6.0 SP9 Upd4"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-01-13",
  "title": "Siemens Automation License Manager\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2022-43514 (GCVE-0-2022-43514)

Vulnerability from cvelistv5

Published

2023-01-10 11:39

Modified

2025-04-09 15:20

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf
	https://cert-portal.siemens.com/productcert/html/ssa-476715.html
	https://cert-portal.siemens.com/productcert/html/ssa-556635.html

Impacted products

Vendor

Product

Version

▼

Siemens

Automation License Manager V5

Version: 0 < *

	Siemens	Automation License Manager V6	Version: All versions < V6.0 SP9 Upd4
	Siemens	TeleControl Server Basic V3	Version: 0 < V3.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:32:59.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T15:20:34.523521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T15:20:46.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Automation License Manager V5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Automation License Manager V6",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V6.0 SP9 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TeleControl Server Basic V3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions \u003c V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions \u003c V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory.\r\nThis could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T08:34:30.153Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-556635.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-43514",
    "datePublished": "2023-01-10T11:39:39.909Z",
    "dateReserved": "2022-10-19T13:06:48.747Z",
    "dateUpdated": "2025-04-09T15:20:46.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted