CVE-2022-30229

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of an user, such as credentials, in case that user's id is known.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_intel:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:intel:*:*:*

History

23 Jun 2022, 12:37

Type Values Removed Values Added
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
CPE cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:intel:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_intel:*:*:*
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf - Patch, Vendor Advisory

14 Jun 2022, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-14 10:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-30229

Mitre link : CVE-2022-30229

CVE.ORG link : CVE-2022-30229


JSON object : View

Products Affected

siemens

  • sicam_gridedge_essential
CWE
CWE-287

Improper Authentication

CWE-306

Missing Authentication for Critical Function