PT-2023-1971 · Siemens · Tia Multiuser Server+1

Published 2023-02-14 · Updated 2024-08-13 · CVE-2022-35868

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TIA Multiuser Server versions prior to V15.1 Update 8
TIA Project-Server versions prior to V1.1
TIA Project-Server V16 (All versions)
TIA Project-Server V17 versions prior to V17 Update 6

Description

The affected software uses an untrusted search path. This could allow an attacker to escalate privileges by tricking a legitimate user into starting the service from an attacker-controlled path.

Recommendations

For TIA Multiuser Server versions prior to V15.1 Update 8, update to V15.1 Update 8 or later.
For TIA Project-Server versions prior to V1.1, update to V1.1 or later.
For TIA Project-Server V16, consider disabling the service until a patch is available.
For TIA Project-Server V17 versions prior to V17 Update 6, update to V17 Update 6 or later.

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

BDU:2023-01585
CVE-2022-35868

Affected Products

Tia Multiuser Server
Tia Project-Server