CVE-2022-30231
14.06.2022, 10:15
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another users password hash.
| Vendor | Product | Version |
|---|---|---|
| siemens | sicam_gridedge_essential | 𝑥 < 2.6.6 |
| siemens | sicam_gridedge_essential | 𝑥 < 2.6.6 |
| siemens | sicam_gridedge_essential | 𝑥 < 2.6.6 |
| siemens | sicam_gridedge_essential | 𝑥 < 2.6.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.