CVE-2021-44524

EUVD-2021-31356

14.12.2021, 12:15

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Affected Products (NVD)

Vendor	Product	Version
siemens	sipass_integrated	2.76
siemens	sipass_integrated	2.76:sp1
siemens	sipass_integrated	2.80
siemens	sipass_integrated	2.85
siemens	siveillance_identity	1.6 ≤ 𝑥 ≤ 1.6.284.0
siemens	siveillance_identity	1.5

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf