CVE-2022-30231
Published 2022-06-14
Priority: P4 · 21 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.57% (43.0th percentile)
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_gridedge | < V2.6.6 | V2.6.6 |
| siemens | sicam_gridedge_essential | < 2.6.6 | 2.6.6 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CISA ICS
Siemens SICAM GridEdge
cisa_ics·2022-06-16·CVSS 8.6
[HIGH] Siemens SICAM GridEdge
ICS Advisory
## Siemens SICAM GridEdge
Last Revised: June 16, 2022
Alert Code: ICSA-22-167-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SICAM GridEdge Essential ARM
- Vulnerabilities: Missing Authentication for Critical Function, Resource Leak
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker access to critical API functions, cross-origin resource sharing, and credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Siemens products are affecte
GHSA
GHSA-9rc7-jmvv-4fhr: A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2
ghsa_unreviewed·2022-06-15
CVE-2022-30231 [MEDIUM] CWE-402 GHSA-9rc7-jmvv-4fhr: A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-14
Published