A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.