Exposure of Resource to Wrong Sphere in Siemens products - CVE-2022-34464
Published: July 13, 2022 / Updated: July 14, 2022
Vulnerability identifier: #VU65258
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-34464
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SICAM GridEdge Essential ARM
SICAM GridEdge Essential with GDS ARM
SICAM GridEdge Essential Intel
SICAM GridEdge Essential with GDS Intel
SICAM GridEdge Essential ARM
SICAM GridEdge Essential with GDS ARM
SICAM GridEdge Essential Intel
SICAM GridEdge Essential with GDS Intel
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to improperly protected file to import SSH keys. A remote user can inject a custom SSH key to that .file
How to mitigate CVE-2022-34464
Install updates from vendor's website.