IM
IronMonkey Threat Research

CVE-2022-34659 HIGH

Published: 2022-08-10 | Last Modified: 2026-07-14 | Status: Modified

Description

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information.

Additional Descriptions (1)

Se ha identificado una vulnerabilidad en Simcenter STAR-CCM+ (Todas las versiones sólo si es usado el servidor de licencias públicas Power-on-Demand). Las aplicaciones afectadas exponen el usuario, el host y el nombre de pantalla de los usuarios, cuando se usa el servidor público de licencias. Esto podría permitir a un atacante recuperar esta información

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Base Score: 6.9 (MEDIUM)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredNONE
User InteractionNONE
Vulnerability ConfidentialityLOW
Vulnerability IntegrityNONE
Vulnerability AvailabilityNONE
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-200

Affected Products

Vendor Product Version Update Type
siemens simcenter_star-ccm\+_viewer * <built-in method update of dict object at 0x702ba6eda300> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:siemens:simcenter_star-ccm\+_viewer:*:*:*:*:*:*:*:*
Notification
Message here