PT-2022-3602 · Siemens · Sicam Gridedge Essential Arm+3

Published: 2022-07-12 · Updated: 2022-07-19 · CVE-2022-34464

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SICAM GridEdge Essential ARM versions prior to V2.7.3
SICAM GridEdge Essential Intel versions prior to V2.7.3
SICAM GridEdge Essential with GDS ARM versions prior to V2.7.3
SICAM GridEdge Essential with GDS Intel versions prior to V2.7.3

Description

A vulnerability has been identified in the affected software, which uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs are able to inject a custom SSH key into that file. This issue is related to the disclosure of information in an erroneous data area, and exploitation may allow a remote attacker to execute arbitrary code.

Recommendations

For SICAM GridEdge Essential ARM versions prior to V2.7.3, update to version V2.7.3 or later.
For SICAM GridEdge Essential Intel versions prior to V2.7.3, update to version V2.7.3 or later.
For SICAM GridEdge Essential with GDS ARM versions prior to V2.7.3, update to version V2.7.3 or later.
For SICAM GridEdge Essential with GDS Intel versions prior to V2.7.3, update to version V2.7.3 or later.

As a temporary workaround, consider restricting access to the filesystem of the host on which SICAM GridEdge runs to minimize the risk of exploitation.

Fix

Exposure of Resource to Wrong Sphere

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

BDU:2022-04386
CVE-2022-34464

Affected Products

Sicam Gridedge Essential Arm
Sicam Gridedge Essential Intel
Sicam Gridedge Essential With Gds Arm
Sicam Gridedge Essential With Gds Intel