Buffer Overflow Vulnerability in SiPass Integrated Server Application by Siemens
CVE-2022-31810

7.5HIGH

Key Information:

Vendor: Siemens
Status: Sipass Integrated
Vendor: CVE Published:; 11 July 2023

Summary

A security flaw in the SiPass Integrated server application allows for a stack-based buffer overflow due to improper size checks of data packets during the configuration client login. This vulnerability permits an unauthenticated remote attacker to exploit the flaw, potentially crashing the server application and resulting in a denial of service condition. Users of all versions prior to V2.90.3.8 should assess their systems for potential risk.

Affected Version(s)

SiPass integrated All versions < V2.90.3.8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-92414...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
May 30, 2022