#VU65258 Exposure of Resource to Wrong Sphere in Siemens products - CVE-2022-34464


| Updated: 2022-07-14

Vulnerability identifier: #VU65258

Vulnerability risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-34464

CWE-ID: CWE-668

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SICAM GridEdge Essential ARM
Other software / Other software solutions
SICAM GridEdge Essential with GDS ARM
Other software / Other software solutions
SICAM GridEdge Essential Intel
Other software / Other software solutions
SICAM GridEdge Essential with GDS Intel
Other software / Other software solutions

Vendor: Siemens

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to improperly protected file to import SSH keys. A remote user can inject a custom SSH key to that .file

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SICAM GridEdge Essential ARM: All versions

SICAM GridEdge Essential with GDS ARM: All versions

SICAM GridEdge Essential Intel: before 2.7.3

SICAM GridEdge Essential with GDS Intel: before 2.7.3

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdficsa-22-195-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Exposure of Resource to Wrong Sphere in Siemens SICAM GridEdge