PT-2022-3582 · Siemens · Simatic Energy Manager Pro+1

Published: 2022-04-12 · Updated: 2022-04-19 · CVE-2022-23449

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SIMATIC Energy Manager Basic versions prior to V7.3 Update 1
SIMATIC Energy Manager PRO versions prior to V7.3 Update 1

Description

A DLL Hijacking issue could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. The vulnerability is related to an uncontrolled element in the path search when loading DLL libraries, which may enable an attacker to execute arbitrary code.

Recommendations

For SIMATIC Energy Manager Basic versions prior to V7.3 Update 1, update to V7.3 Update 1 or later to resolve the issue. For SIMATIC Energy Manager PRO versions prior to V7.3 Update 1, update to V7.3 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the directories on the DLL search path to minimize the risk of exploitation.
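
One way to verify the temporary workaround on a Windows host, as an added example that is not Siemens' or this advisory's own code: the script reports search-path directories where a non-administrative principal may create files. The advisory does not list the directories involved, so the script assumes the machine-wide PATH plus an operator-supplied `$InstallDir` (a hypothetical parameter).

```powershell
# Added example, not vendor code. Lists directories on the machine-wide PATH
# (plus an optional, operator-supplied install folder) where a principal other
# than SYSTEM, Administrators or TrustedInstaller may create files.
param([string]$InstallDir = '')  # hypothetical parameter: product install folder

# Well-known SIDs expected to hold write access (locale-independent).
$trusted = @(
    'S-1-5-18',                                                        # SYSTEM
    'S-1-5-32-544',                                                    # Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'   # TrustedInstaller
)
# WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_ALL, GENERIC_WRITE.
$writeMask   = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000
$sidType     = [System.Security.Principal.SecurityIdentifier]
$ntType      = [System.Security.Principal.NTAccount]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Assumption: the machine-wide PATH stands in for "directories on the DLL search path".
$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) }
if ($InstallDir) { $dirs = @($dirs) + $InstallDir }

foreach ($dir in ($dirs | Where-Object { $_ } | Sort-Object -Unique)) {
    # A PATH entry that does not exist is a finding too: whoever can create
    # the folder later controls what is loaded from it.
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        [pscustomobject]@{ Directory = $dir; Principal = ''; Rights = ''
                           Finding = 'Search path entry does not exist' }
        continue
    }
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: re-run from an elevated session
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }  # not on the folder itself
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (-not ([int]$ace.FileSystemRights -band $writeMask)) { continue }
        # Resolve the SID to a name for the report; keep the SID if it is orphaned.
        $name = try { $ace.IdentityReference.Translate($ntType).Value }
                catch { $ace.IdentityReference.Value }
        [pscustomobject]@{ Directory = $dir; Principal = $name
                           Rights = $ace.FileSystemRights
                           Finding = 'Non-admin principal can create files' }
    }
}
```

Each reported row is a directory whose ACL should be tightened, or a stale PATH entry to remove, until V7.3 Update 1 is installed.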

Fix

Uncontrolled Search Path Element


Weakness Enumeration

Related Identifiers

BDU:2022-04366
CVE-2022-23449

Affected Products

Simatic Energy Manager Basic
Simatic Energy Manager Pro