Password Disclosure Vulnerability in SICAM GridEdge Essential Solutions by Siemens
CVE-2022-30231

4.3MEDIUM

Key Information:

Vendor
Siemens
Status
Sicam Gridedge Essential Arm
Sicam Gridedge Essential Intel
Sicam Gridedge Essential With Gds Arm
Sicam Gridedge Essential With Gds Intel
Vendor
CVE Published:
14 June 2022

Summary

A vulnerability exists in various versions of the SICAM GridEdge Essential software solutions that allows authenticated users to request and retrieve password hashes of other users. This security flaw can lead to unauthorized access if exploited, as it enables a user to obtain sensitive password information from the system.

Affected Version(s)

SICAM GridEdge Essential ARM All versions < V2.6.6

SICAM GridEdge Essential Intel All versions < V2.6.6

SICAM GridEdge Essential with GDS ARM All versions < V2.6.6

References

https://cert-portal.siemens.com/productcert/pdf/ssa-63133...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.