How severe is CVE-2022-44731?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-44731?

This is classified as CWE-88, which is a common weakness in software security.

CVE-2022-44731 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).

Related Vulnerabilities

CVE-2019-5804

MEDIUM

CVSS:5.5(Medium)

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

CWE-882019

CVE-2022-31246

MEDIUM

CVSS:5.5(Medium)

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Li...

CWE-882022

CVE-2023-39287

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to con...

CWE-882023

CVE-2023-39288

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to con...

CWE-882023

CVE-2024-20444

MEDIUM

CVSS:5.5(Medium)

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to per...

CWE-882024

CVE-2024-3367

MEDIUM

CVSS:5.5(Medium)

Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

CWE-882024