PT-2022-20024 · Siemens · Sicam Gridedge Essential Arm+3
Published
2022-06-14
·
Updated
2022-06-23
·
CVE-2022-30229
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SICAM GridEdge Essential ARM versions prior to 2.6.6
SICAM GridEdge Essential Intel versions prior to 2.6.6
SICAM GridEdge Essential with GDS ARM versions prior to 2.6.6
SICAM GridEdge Essential with GDS Intel versions prior to 2.6.6
Description
A vulnerability has been identified in the affected software, where it does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change a user's data, such as credentials, if the user's
id is known.Recommendations
For SICAM GridEdge Essential ARM versions prior to 2.6.6, update to version 2.6.6 or later.
For SICAM GridEdge Essential Intel versions prior to 2.6.6, update to version 2.6.6 or later.
For SICAM GridEdge Essential with GDS ARM versions prior to 2.6.6, update to version 2.6.6 or later.
For SICAM GridEdge Essential with GDS Intel versions prior to 2.6.6, update to version 2.6.6 or later.
Fix
Missing Authentication
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sicam Gridedge Essential Arm
Sicam Gridedge Essential Intel
Sicam Gridedge Essential With Gds Arm
Sicam Gridedge Essential With Gds Intel