Vulnerability Description
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sicam Gridedge Essential Arm | - |
| Siemens | Sicam Gridedge Essential Gds Arm | - |
| Siemens | Sicam Gridedge Essential Gds Intel | < 2.7.3 |
| Siemens | Sicam Gridedge Essential Intel | < 2.7.3 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/html/ssa-225578.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdfMitigationPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdfMitigationPatchVendor Advisory
FAQ
What is CVE-2022-34464?
CVE-2022-34464 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with ...
How severe is CVE-2022-34464?
CVE-2022-34464 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-34464?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sicam Gridedge Essential Arm, Siemens Sicam Gridedge Essential Gds Arm, Siemens Sicam Gridedge Essential Gds Intel, Siemens Sicam Gridedge Essential Intel.