Vulnerabilities > CVE-2022-31808 - Unspecified vulnerability in Siemens products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

siemens

NVD

Published: 2023-02-14

Updated: 2024-11-21

Summary

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Sipass Integrated ACC AP Firmware - Siemens Sipass Integrated Ac5102 (Acc G2) Firmware -	2
Hardware	Siemens Siemens Sipass Integrated ACC AP - Siemens Sipass Integrated Ac5102 (Acc G2) -	2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf