CVE-2022-4983
MEDIUMTEC-IT TBarCode 11.15 - Remote File Creation via INI-based Licensing Handling
Title source: llmDescription
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow attackers to write files that lead to code execution or persistence under the context of the hosting process.
References (2)
Core 2
Core References
Various Sources release-notes
patch
https://www.tec-it.com/en/software/barcode-software/tbarcode/history/v10/Default.aspx
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/tec-it-tbarcode-sdk-remote-file-create
Scores
CVSS v4
6.9
EPSS
0.0033
EPSS Percentile
25.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-73
Status
published
Products (1)
TEC-IT Datenverarbeitung GmbH, Austria/TEC-IT TBarCode
11.15
Published
Nov 12, 2025
Tracked Since
Feb 18, 2026