CVE-2024-22042: A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of...
Description
A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.
Classification
CVE ID: CVE-2024-22042
CVSS Base Severity: HIGH
CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
Problem Types
CWE-648: Incorrect Use of Privileged APIsAffected Products
Vendor: Siemens
Product: Unicam FX
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 8.99% (scored less or equal to compared to others)
EPSS Date: 2025-04-20 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-22042https://cert-portal.siemens.com/productcert/html/ssa-543502.html