A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server  (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

Siemens AG https://cert-portal.siemens.com/productcert/html/ssa-640968.html [No types assigned]

OR
     *cpe:2.3:a:siemens:tia_multiuser_server:14:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:15:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:15.1:-:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:16:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:1.0:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:16:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:17:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:siemens:tia_multiuser_server:14:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:15:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:15.1:-:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:16:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:1.0:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:17:-:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:17:update1:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:17:update4:*:*:*:

NIST CWE-426

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server  (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

OR
     *cpe:2.3:a:siemens:tia_multiuser_server:14:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:15:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:15.1:-:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_multiuser_server:16:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:1.0:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:16:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:tia_project-server:17:*:*:*:*:*:*:*

NIST AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf No Types Assigned

https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf Vendor Advisory