CVE-2024-22042 HIGH

CVE-2024-22042

Vendor Siemens
Product Unicam FX
Weakness CWE-648
Published February 13, 2024
Last update April 10, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

Key dates

02Disclosure timeline

February 13, 2024 CVE published
April 10, 2025 Record updated