Unrated severity · NVD Advisory · Published Dec 13, 2022 · Updated Apr 21, 2025
CVE-2022-44731
Description
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows injection of custom arguments into the Ultralight Client backend application under certain circumstances.
This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker-chosen panels with the attacker's credentials or start a Ctrl script).
Affected products
- (no CPE) range: V3.15 < V3.15 P038; V3.16 < V3.16 P035; V3.17 < V3.17 P024; V3.18 < V3.18 P014
- (no CPE) range: All versions < V3.15 P038
- (no CPE) range: All versions < V3.16 P035
- (no CPE) range: All versions < V3.17 P024
- (no CPE) range: All versions < V3.18 P014