CVE-2022-30231 in SICAM GridEdge Essential ARM

Summary

by MITRE • 06/14/2022

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.


Analysis

by VulDB Data Team • 11/12/2025

The vulnerability identified in SICAM GridEdge Classic presents a critical authorization flaw that undermines the security posture of industrial control systems. This issue affects all versions prior to V2.6.6 and stems from improper access control mechanisms within the application's user management functionality. The flaw allows authenticated users to exploit a design weakness that enables them to retrieve password hashes belonging to other users within the system. This type of information disclosure represents a significant risk to operational technology environments where user credentials are critical for system access and security.

The technical implementation of this vulnerability resides in the application's insufficient validation of user requests when retrieving password hash information. When an authenticated user makes a request for password hash data, the system fails to properly verify whether the requesting user has legitimate authorization to access the target user's credentials. This oversight creates an authorization bypass condition where users can enumerate and obtain password hashes of other accounts through crafted requests. The vulnerability demonstrates characteristics consistent with CWE-285 - Improper Authorization, which specifically addresses situations where systems fail to properly enforce access controls for sensitive operations.
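The missing check described above can be shown as a flawed handler beside a corrected one. This is an added example, not code from SICAM GridEdge, Siemens or VulDB. The user store, role names, function names and placeholder hash strings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class User:
    username: str
    role: str           # hypothetical roles: "admin" or "operator"
    password_hash: str  # constructed placeholder, not a real hash


# Constructed sample user store (assumption, not the product's data model).
USERS = {
    "alice": User("alice", "operator", "PLACEHOLDER-HASH-ALICE"),
    "bob": User("bob", "operator", "PLACEHOLDER-HASH-BOB"),
    "root": User("root", "admin", "PLACEHOLDER-HASH-ROOT"),
}

# Allow-list of fields that may leave the server; the hash is never on it.
PUBLIC_FIELDS = ("username", "role")


class Forbidden(Exception):
    """The requester is not authorized to read the target record."""


def get_user_flawed(requester: str, target: str) -> dict:
    # Flawed pattern: only authentication is checked. Nothing ties the
    # requester to the target, and the full record is serialized.
    if requester not in USERS:
        raise Forbidden("not authenticated")
    return asdict(USERS[target])


def get_user_checked(requester: str, target: str) -> dict:
    caller = USERS.get(requester)
    if caller is None:
        raise Forbidden("not authenticated")
    # Object-level authorization runs before the lookup, so a non-admin gets
    # the same error for existing and non-existing accounts.
    if caller.username != target and caller.role != "admin":
        raise Forbidden("not authorized for this record")
    record = USERS.get(target)
    if record is None:
        raise KeyError(target)
    # Serialize through the allow-list so even admins never receive the hash.
    return {name: getattr(record, name) for name in PUBLIC_FIELDS}
```

The corrected handler applies two independent controls: a per-record authorization check and a response allow-list, so a mistake in one does not expose the hash.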

From an operational impact perspective, this vulnerability significantly weakens the security model of the SICAM GridEdge Classic system and creates multiple attack vectors for malicious actors. An authenticated attacker who gains access to the system can leverage this flaw to escalate privileges and potentially compromise multiple user accounts simultaneously. The disclosure of password hashes enables attackers to perform offline password cracking attacks using tools like hashcat or John the Ripper, potentially leading to full system compromise. This vulnerability particularly affects industrial environments where system integrity is paramount and unauthorized access can result in operational disruptions or safety risks.

The attack pattern associated with this vulnerability aligns with ATT&CK technique T1078 - Valid Accounts, as it allows for credential access through legitimate system functionality. An attacker would first need to establish an initial foothold within the system through legitimate authentication, then exploit this vulnerability to obtain additional user credentials. This creates a pathway for lateral movement and privilege escalation within the industrial control environment. Organizations should consider implementing network segmentation and monitoring for unusual authentication patterns that could indicate exploitation attempts. The vulnerability also highlights the importance of proper input validation and access control enforcement, particularly in systems handling sensitive operational data.

Mitigation strategies should focus on immediate software updates to V2.6.6 or later versions where this vulnerability has been addressed. Additionally, organizations should implement strict access controls and monitoring for user account enumeration attempts. Network-level restrictions should be applied to limit unnecessary access to administrative functions, and regular security audits should verify proper implementation of authorization checks. The vulnerability serves as a reminder of the critical importance of maintaining up-to-date industrial control system software and implementing robust security controls for operational technology environments. Organizations should also consider implementing multi-factor authentication and credential hardening measures to reduce the impact of credential compromise.

Reservation

05/04/2022

Disclosure

06/14/2022

Moderation

accepted

CPE

ready

EPSS

0.00572

KEV

no

Activities

very low

Sources
