CVE-2022-43513

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-73
View all →

Vulnerability Description

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.

Related Vulnerabilities

CVE-2018-14820

HIGH
CVSS:7.5(High)

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

CWE-732018

CVE-2018-7495

HIGH
CVSS:7.5(High)

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce...

CWE-732018

CVE-2021-21343

HIGH
CVSS:7.5(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat...

CWE-732021

CVE-2021-3845

HIGH
CVSS:7.5(High)

ws-scrcpy is vulnerable to External Control of File Name or Path

CWE-732021

CVE-2022-42732

HIGH
CVSS:7.5(High)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could...

CWE-732022

CVE-2022-42733

HIGH
CVSS:7.5(High)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could...

CWE-732022