VDB
ICSA-22-258-01
ICSA-22-258-01
PUBLISHED
CVSS 7.800000190734863 HIGH
The default installation of the Windows version of the CoreShield One- Way Gateway (OWG) software sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. Siemens Mobility has released an update for the CoreShield OWG software and recommends to update to the latest version.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CoreShield One-Way Gateway (OWG) Software |
Timeline
- Sep 13, 2022 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-589975.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-589975.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-589975.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-258-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-258-01 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url