Improperly Protected File Vulnerability in SICAM GridEdge Essential by Siemens
CVE-2022-34464

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sicam Gridedge (classic)
Vendor: CVE Published:; 12 July 2022

What is CVE-2022-34464?

A vulnerability exists within SICAM GridEdge Essential products, where an improperly secured file allows the importation of SSH keys. This flaw enables attackers with filesystem access to the host system to inject malicious SSH keys, potentially compromising secure connections and allowing unauthorized remote access. Users of all versions of SICAM GridEdge Essential for ARM and GDS, as well as Intel versions prior to V2.7.3, should take immediate action to mitigate the risk associated with this vulnerability.

Affected Version(s)

SICAM GridEdge (Classic) 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-22557...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/html/ssa-2255...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Jun 24, 2022

JSON