12 matches found
EUVD-2022-35436
Malicious code in bioql PyPI...
CVE-2022-30229
A vulnerability has been identified in SICAM GridEdge Classic (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...
CVE-2022-30231
A vulnerability has been identified in SICAM GridEdge Classic (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash...
CVE-2022-30228
A vulnerability has been identified in SICAM GridEdge Classic (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could...
CVE-2022-30229
A vulnerability has been identified in SICAM GridEdge Classic (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...
CVE-2022-30230
A vulnerability has been identified in SICAM GridEdge Classic (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions...
Design/Logic Flaw
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not requi...
CVE-2022-30231
CVE-2022-30231 affects Siemens SICAM GridEdge Essential products (ARM/Intel variants, with/without GDS) and SICAM GridEdge Classic in affected ranges, where prior to v2.6.6 a resource-leak exposes password hashes of other users upon request. The vulnerability enables an authenticated user to retr...
CVE-2022-30230
CVE-2022-30230 affects Siemens SICAM GridEdge components (Essential ARM/Intel, with/without GDS) prior to version 2.6.6. The vulnerability arises from missing authentication for privileged functions, allowing an unauthenticated attacker to create a new user with administrative permissions. The is...
CVE-2022-30229
A vulnerability has been identified in SICAM GridEdge Classic (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...
CVE-2022-30228
CVE-2022-30228 affects Siemens SICAM GridEdge Classic (all versions
Siemens SICAM GridEdge Essential Authorization Issue Vulnerability
SICAM GridEdge enables IoT functionality in your existing IEC 61850 devices with just a few clicks. Siemens SICAM GridEdge is vulnerable to an authentication error, which stems from the fact that the affected software does not require authenticated access to privileged functions and can be exploit...