CVE-2022-34464

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:sicam_gridedge_essential_arm:-:::::::*
	cpe:2.3:a:siemens:sicam_gridedge_essential_gds_arm:-:::::::*
	cpe:2.3:a:siemens:sicam_gridedge_essential_gds_intel::::::::
	cpe:2.3:a:siemens:sicam_gridedge_essential_intel::::::::

History

No history.

Information

Published : 2022-07-12 10:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-34464

Mitre link : CVE-2022-34464

CVE.ORG link : CVE-2022-34464

JSON object : View

Products Affected

siemens

sicam_gridedge_essential_gds_arm
sicam_gridedge_essential_gds_intel
sicam_gridedge_essential_arm
sicam_gridedge_essential_intel

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2022-34464", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-07-12T10:15:11.983", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SICAM GridEdge Essential ARM (Todas las versiones), SICAM GridEdge Essential Intel (Todas las versiones anteriores a V2.7.3), SICAM GridEdge Essential con GDS ARM (Todas las versiones), SICAM GridEdge Essential con GDS Intel (Todas las versiones anteriores a V2.7.3). El software afectado usa un archivo protegido inapropiadamente para importar claves SSH. Los atacantes con acceso al sistema de archivos del host en el que es ejecutado SICAM GridEdge, son capaces de inyectar una clave SSH personalizada en ese archivo"}], "lastModified": "2022-07-19T19:07:15.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_arm:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F730CE4-4022-41CD-81EA-7D57B456AD7C"}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_gds_arm:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1362D50B-0EB3-4954-B0B5-7DBE1A0580E0"}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_gds_intel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD8E058C-344A-4280-B1A5-7102854B484B", "versionEndExcluding": "2.7.3"}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_intel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ADDD625-3497-4291-9093-6FA162C7F05F", "versionEndExcluding": "2.7.3"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}