CVE-2024-22042
Published Feb 13, 2024
Last updated 24 days ago
Overview
- Description
- A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.
- Source
- productcert@siemens.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- productcert@siemens.com
- CWE-648
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:unicam_fx_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88AC9450-00F8-421C-86CE-91BD04BE3A24"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:unicam_fx:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B2A4099D-73A3-442D-AAAE-4C499303EB75"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]