Vulnerabilities > CVE-2022-34464 - Exposure of Resource to Wrong Sphere vulnerability in Siemens products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

siemens

CWE-668

NVD

Published: 2022-07-12

Updated: 2022-07-19

Summary

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sicam Gridedge Essential GDS Intel * Siemens Sicam Gridedge Essential GDS ARM - Siemens Sicam Gridedge Essential Intel * Siemens Sicam Gridedge Essential ARM -	4

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf