CVE-2022-34464 - Vulnerability Details - OpenCVE

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Sicam Gridedge Essential Arm Sicam Gridedge Essential Gds Arm Sicam Gridedge Essential Gds Intel Sicam Gridedge Essential Intel

Configuration 1 [-]

OR	cpe:2.3:a:siemens:sicam_gridedge_essential_arm:-:::::::*
	cpe:2.3:a:siemens:sicam_gridedge_essential_gds_arm:-:::::::*
	cpe:2.3:a:siemens:sicam_gridedge_essential_gds_intel::::::::
	cpe:2.3:a:siemens:sicam_gridedge_essential_intel::::::::

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-07-12T10:07:19

Updated: 2024-08-03T09:15:15.179Z

Reserved: 2022-06-24T00:00:00

Link: CVE-2022-34464

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-12T10:15:11.983

Modified: 2024-11-21T07:09:37.340

Link: CVE-2022-34464

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SICAM GridEdge Essential ARM", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SICAM GridEdge Essential Intel", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2.7.3"}]}, {"product": "SICAM GridEdge Essential with GDS ARM", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SICAM GridEdge Essential with GDS Intel", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2.7.3"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-12T10:07:19", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-34464", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SICAM GridEdge Essential ARM", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SICAM GridEdge Essential Intel", "version": {"version_data": [{"version_value": "All versions < V2.7.3"}]}}, {"product_name": "SICAM GridEdge Essential with GDS ARM", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SICAM GridEdge Essential with GDS Intel", "version": {"version_data": [{"version_value": "All versions < V2.7.3"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668: Exposure of Resource to Wrong Sphere"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:15:15.179Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34464", "datePublished": "2022-07-12T10:07:19", "dateReserved": "2022-06-24T00:00:00", "dateUpdated": "2024-08-03T09:15:15.179Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_arm:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F730CE4-4022-41CD-81EA-7D57B456AD7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_gds_arm:-:*:*:*:*:*:*:*", "matchCriteriaId": "1362D50B-0EB3-4954-B0B5-7DBE1A0580E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_gds_intel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD8E058C-344A-4280-B1A5-7102854B484B", "versionEndExcluding": "2.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_intel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ADDD625-3497-4291-9093-6FA162C7F05F", "versionEndExcluding": "2.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SICAM GridEdge Essential ARM (Todas las versiones), SICAM GridEdge Essential Intel (Todas las versiones anteriores a V2.7.3), SICAM GridEdge Essential con GDS ARM (Todas las versiones), SICAM GridEdge Essential con GDS Intel (Todas las versiones anteriores a V2.7.3). El software afectado usa un archivo protegido inapropiadamente para importar claves SSH. Los atacantes con acceso al sistema de archivos del host en el que es ejecutado SICAM GridEdge, son capaces de inyectar una clave SSH personalizada en ese archivo"}], "id": "CVE-2022-34464", "lastModified": "2024-11-21T07:09:37.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-12T10:15:11.983", "references": [{"source": "productcert@siemens.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}