Lucene search

[email protected]CVE-2022-34464

HistoryJul 12, 2022 - 10:15 a.m.

CVE-2022-34464

2022-07-1210:15:11

CWE-668

[email protected]

web.nvd.nist.gov

cve-2022-34464

sicam gridedge

ssh key injection

software vulnerability

nvd

cybersecurity

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.

Affected configurations

NVD

Node

siemenssicam_gridedge_essential_armMatch-

siemenssicam_gridedge_essential_gds_armMatch-

siemenssicam_gridedge_essential_gds_intelRange<2.7.3

siemenssicam_gridedge_essential_intelRange<2.7.3

CPENameOperatorVersion
siemens:sicam_gridedge_essential_armsiemens sicam gridedge essential armeq-
siemens:sicam_gridedge_essential_gds_armsiemens sicam gridedge essential gds armeq-
siemens:sicam_gridedge_essential_gds_intelsiemens sicam gridedge essential gds intellt2.7.3
siemens:sicam_gridedge_essential_intelsiemens sicam gridedge essential intellt2.7.3

CPE	Name	Operator	Version
siemens:sicam_gridedge_essential_arm	siemens sicam gridedge essential arm	eq	-
siemens:sicam_gridedge_essential_gds_arm	siemens sicam gridedge essential gds arm	eq	-
siemens:sicam_gridedge_essential_gds_intel	siemens sicam gridedge essential gds intel	lt	2.7.3
siemens:sicam_gridedge_essential_intel	siemens sicam gridedge essential intel	lt	2.7.3

CNA Affected

[
  {
    "product": "SICAM GridEdge Essential ARM",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SICAM GridEdge Essential Intel",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.7.3"
      }
    ]
  },
  {
    "product": "SICAM GridEdge Essential with GDS ARM",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SICAM GridEdge Essential with GDS Intel",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.7.3"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf

Social References

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-34464

ics1 nvd1 prion1 cvelist1