Siemens SICAM GridEdge Essential ARM up to 2.6.5 missing authentication
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.0 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Siemens SICAM GridEdge Essential ARM, SICAM GridEdge Essential Intel, SICAM GridEdge Essential with GDS ARM and SICAM GridEdge Essential with GDS Intel up to 2.6.5. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a missing authentication vulnerability. The CWE definition for the vulnerability is CWE-306. The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of an user, such as credentials, in case that user's id is known.
The weakness was published 06/15/2022 as ssa-631336. It is possible to read the advisory at cert-portal.siemens.com. This vulnerability is known as CVE-2022-30229 since 05/04/2022. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 2.6.6 eliminates this vulnerability.
Product
Vendor
Name
- SICAM GridEdge Essential ARM
- SICAM GridEdge Essential Intel
- SICAM GridEdge Essential with GDS ARM
- SICAM GridEdge Essential with GDS Intel
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Missing authenticationCWE: CWE-306 / CWE-287
ATT&CK: Unknown
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: SICAM GridEdge Essential ARM/SICAM GridEdge Essential Intel/SICAM GridEdge Essential with GDS ARM/SICAM GridEdge Essential with GDS Intel 2.6.6
Timeline
05/04/2022 🔍06/15/2022 🔍
06/15/2022 🔍
06/15/2022 🔍
Sources
Vendor: siemens.comAdvisory: ssa-631336
Status: Confirmed
CVE: CVE-2022-30229 (🔍)
Entry
Created: 06/15/2022 13:18Changes: 06/15/2022 13:18 (40)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.