CVE-2021-44524 — Resource Exposure in Siemens Siveillance Identity

CWE-668 — Resource Exposure CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 31.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Siveillance Identity Siemens Sipass Integrated V2.76 Siemens Sipass Integrated V2.80 +4 more

Timeline

PublishedDec 14

Latest updateDec 15

Description

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDsiemens/sipass_integrated2.76, 2.80, 2.85+2

▶CVEListV5siemens/sipass_integrated_v2.76All versions

▶CVEListV5siemens/sipass_integrated_v2.80All versions

▶CVEListV5siemens/sipass_integrated_v2.85All versions

▶NVDsiemens/siveillance_identity1.6 — 1.6.284.0+1

🔴Vulnerability Details

GHSA

GHSA-7m98-whf4-6699: A vulnerability has been identified in SiPass integrated V2↗2021-12-15

▶

CVEList

CVE-2021-44524: A vulnerability has been identified in SiPass integrated V2↗2021-12-14

▶