SSA-563922 — Vulnetix

SSA-563922 PUBLISHED CVSS 8.100000381469727 HIGH

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

Risk Scores

CVSS 3.1

8.100000381469727

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Siemens	SIMATIC Technology Package TPCamGen (6ES7823-0FE30-1AA0)
Siemens	SIMOTION OALECO (6AU1820-3HA20-0AB0)
Siemens	SIMOTION OAVIBX (6AU1820-3CA20-0AB0)
Siemens	SIMOTION OACAMGEN (6AU1820-3EA20-0AB0)
Siemens	SIMOTION OA MIIF (6AU1820-3DA20-0AB0)

Timeline

Sep 9, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-563922.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-563922.html advisory

Open in Interactive Console →