#VU65258 Exposure of Resource to Wrong Sphere in Siemens Other software


Published: 2022-07-13 | Updated: 2022-07-14

Vulnerability identifier: #VU65258

Vulnerability risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34464

CWE-ID: CWE-668

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SICAM GridEdge Essential ARM
Other software / Other software solutions
SICAM GridEdge Essential with GDS ARM
Other software / Other software solutions
SICAM GridEdge Essential Intel
Other software / Other software solutions
SICAM GridEdge Essential with GDS Intel
Other software / Other software solutions

Vendor: Siemens

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to improperly protected file to import SSH keys. A remote user can inject a custom SSH key to that .file

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SICAM GridEdge Essential ARM: All versions

SICAM GridEdge Essential with GDS ARM: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdficsa-22-195-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Exposure of Resource to Wrong Sphere in Siemens SICAM GridEdge