Origin validation error in Siemens products - CVE-2022-30228
Published: June 15, 2022
Vulnerability identifier: #VU64392
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-30228
CWE-ID: CWE-346
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SICAM GridEdge Essential ARM
SICAM GridEdge Essential Intel
SICAM GridEdge Essential with GDS ARM
SICAM GridEdge Essential with GDS Intel
SICAM GridEdge Essential ARM
SICAM GridEdge Essential Intel
SICAM GridEdge Essential with GDS ARM
SICAM GridEdge Essential with GDS Intel
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. A remote attacker can trick a victim to access a special resource and execute arbitrary request.
How to mitigate CVE-2022-30228
Install updates from vendor's website.