Transmission of Private Resources into a New Sphere ('Resource Leak') in Siemens products - CVE-2022-30231
Published: June 15, 2022
Vulnerability identifier: #VU64398
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-30231
CWE-ID: CWE-402
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SICAM GridEdge Essential ARM
SICAM GridEdge Essential Intel
SICAM GridEdge Essential with GDS ARM
SICAM GridEdge Essential with GDS Intel
SICAM GridEdge Essential ARM
SICAM GridEdge Essential Intel
SICAM GridEdge Essential with GDS ARM
SICAM GridEdge Essential with GDS Intel
Detailed vulnerability description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to the affected software discloses password hashes of other users upon request. A remote administrator can retrieve another users password hash.
How to mitigate CVE-2022-30231
Install updates from vendor's website.