PT-2022-26647 · Siemens · Syngo Dynamics

Published

2022-11-17

Updated

2022-11-21

CVE-2022-42893

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions syngo Dynamics versions prior to VA40G HF01

Description A vulnerability has been identified in the syngo Dynamics application server, which hosts a web service using an operation with improper write access control. This could allow writing data in any folder accessible to the account assigned to the website's application pool.

Recommendations For versions prior to VA40G HF01, update to VA40G HF01 or later to resolve the issue. As a temporary workaround, consider restricting write access to sensitive folders to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-610CWE-73

Related Identifiers

CVE-2022-42893

Affected Products

Syngo Dynamics

PT-2022-26647 · Siemens · Syngo Dynamics

CVE-2022-42893

Weakness Enumeration

Related Identifiers

Affected Products

References · 4