CVE-2022-30229

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of an user, such as credentials, in case that user's id is known.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_intel:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:intel:*:*:*

History

21 Nov 2024, 07:02

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf - Patch, Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf - Patch, Vendor Advisory

23 Jun 2022, 12:37

Type Values Removed Values Added
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
CPE cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:intel:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:arm:*:*:*
cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_intel:*:*:*
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf - Patch, Vendor Advisory

14 Jun 2022, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-14 10:15

Updated : 2024-11-21 07:02


NVD link : CVE-2022-30229

Mitre link : CVE-2022-30229

CVE.ORG link : CVE-2022-30229


JSON object : View

Products Affected

siemens

  • sicam_gridedge_essential
CWE
CWE-306

Missing Authentication for Critical Function

CWE-287

Improper Authentication