Siemens SICAM GridEdge Essential ARM up to 2.6.5 missing authentication
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.0 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Siemens SICAM GridEdge Essential ARM, SICAM GridEdge Essential Intel, SICAM GridEdge Essential with GDS ARM and SICAM GridEdge Essential with GDS Intel up to 2.6.5. Affected by this issue is an unknown part. The manipulation with an unknown input leads to a missing authentication vulnerability. Using CWE to declare the problem leads to CWE-306. The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Impacted is confidentiality, integrity, and availability. CVE summarizes:
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.
The weakness was released 06/15/2022 as ssa-631336. The advisory is shared for download at cert-portal.siemens.com. This vulnerability is handled as CVE-2022-30230 since 05/04/2022. There are neither technical details nor an exploit publicly available.
Upgrading to version 2.6.6 eliminates this vulnerability.
Product
Vendor
Name
- SICAM GridEdge Essential ARM
- SICAM GridEdge Essential Intel
- SICAM GridEdge Essential with GDS ARM
- SICAM GridEdge Essential with GDS Intel
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Missing authenticationCWE: CWE-306 / CWE-287
ATT&CK: Unknown
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: SICAM GridEdge Essential ARM/SICAM GridEdge Essential Intel/SICAM GridEdge Essential with GDS ARM/SICAM GridEdge Essential with GDS Intel 2.6.6
Timeline
05/04/2022 🔍06/15/2022 🔍
06/15/2022 🔍
06/15/2022 🔍
Sources
Vendor: siemens.comAdvisory: ssa-631336
Status: Confirmed
CVE: CVE-2022-30230 (🔍)
Entry
Created: 06/15/2022 13:18Changes: 06/15/2022 13:18 (40)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.