CVE-2022-44731

MEDIUM

SIMATIC WinCC OA - Command Injection

Title source: llm

Description

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).

References (1)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf

Scores

CVSS v3 5.4

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-88

Status published

Products (4)

siemens/simatic_wincc_oa 3.15

siemens/simatic_wincc_oa 3.16

siemens/simatic_wincc_oa 3.17

siemens/simatic_wincc_oa 3.18

Published Dec 13, 2022

Tracked Since Feb 18, 2026