CVE-2022-30229
Published 2022-06-14
Priority P4 · 30 · medium · 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.71% (48.8th percentile)
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_gridedge | < V2.6.6 | V2.6.6 |
| siemens | sicam_gridedge_essential | < 2.6.6 | 2.6.6 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v4.0 | 8.6 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
CISA ICS
Siemens SICAM GridEdge
cisa_ics·2022-06-16·CVSS 8.6
[HIGH] Siemens SICAM GridEdge
ICS Advisory
## Siemens SICAM GridEdge
Last Revised: June 16, 2022
Alert Code: ICSA-22-167-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SICAM GridEdge Essential ARM
- Vulnerabilities: Missing Authentication for Critical Function, Resource Leak
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker access to critical API functions, cross-origin resource sharing, and credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Siemens products are affecte
GHSA
GHSA-w7w8-pmxh-5jhc: A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2
ghsa_unreviewed·2022-06-15
CVE-2022-30229 [MEDIUM] CWE-287 GHSA-w7w8-pmxh-5jhc: A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.