PT-2022-20023 · Siemens · Sicam Gridedge Essential Arm (+3 more)

Published: 2022-06-14 · Updated: 2022-06-24 · CVE-2022-30228

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SICAM GridEdge Essential ARM versions prior to V2.6.6
SICAM GridEdge Essential Intel versions prior to V2.6.6
SICAM GridEdge Essential with GDS ARM versions prior to V2.6.6
SICAM GridEdge Essential with GDS Intel versions prior to V2.6.6

Description

The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. This allows an attacker to trick a legitimate user into accessing a special resource, potentially executing a malicious request.

Recommendations

For SICAM GridEdge Essential ARM versions prior to V2.6.6, update to version V2.6.6 or later.
For SICAM GridEdge Essential Intel versions prior to V2.6.6, update to version V2.6.6 or later.
For SICAM GridEdge Essential with GDS ARM versions prior to V2.6.6, update to version V2.6.6 or later.
For SICAM GridEdge Essential with GDS Intel versions prior to V2.6.6, update to version V2.6.6 or later.

As a temporary workaround, consider implementing additional security measures to restrict access to critical operations until the update is applied.

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

CVE-2022-30228

Affected Products

Sicam Gridedge Essential Arm
Sicam Gridedge Essential Intel
Sicam Gridedge Essential With Gds Arm
Sicam Gridedge Essential With Gds Intel