CVE-2022-43513

Name of the Vulnerable Software and Affected Versions Automation License Manager V5 (All versions) Automation License Manager V6 versions prior to V6.0 SP9 Upd4 TeleControl Server Basic V3 versions prior to V3.1.2

Description A vulnerability has been identified that allows an unauthenticated remote attacker to rename and move files as a SYSTEM user due to the affected components permitting the renaming of license files with user-chosen input without authentication.

Recommendations For Automation License Manager V5, consider disabling the license file renaming feature until a patch is available. For Automation License Manager V6 versions prior to V6.0 SP9 Upd4, update to V6.0 SP9 Upd4 or later to resolve the issue. For TeleControl Server Basic V3 versions prior to V3.1.2, update to V3.1.2 or later to resolve the issue. As a temporary workaround, restrict access to the license file management component to minimize the risk of exploitation.