{"containers": {"cna": {"affected": [{"product": "SICAM GridEdge Essential ARM", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SICAM GridEdge Essential Intel", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2.7.3"}]}, {"product": "SICAM GridEdge Essential with GDS ARM", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SICAM GridEdge Essential with GDS Intel", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2.7.3"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-12T10:07:19", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-34464", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SICAM GridEdge Essential ARM", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SICAM GridEdge Essential Intel", "version": {"version_data": [{"version_value": "All versions < V2.7.3"}]}}, {"product_name": "SICAM GridEdge Essential with GDS ARM", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SICAM GridEdge Essential with GDS Intel", "version": {"version_data": [{"version_value": "All versions < V2.7.3"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668: Exposure of Resource to Wrong Sphere"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:15:15.179Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34464", "datePublished": "2022-07-12T10:07:19", "dateReserved": "2022-06-24T00:00:00", "dateUpdated": "2024-08-03T09:15:15.179Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_arm:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F730CE4-4022-41CD-81EA-7D57B456AD7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_gds_arm:-:*:*:*:*:*:*:*", "matchCriteriaId": "1362D50B-0EB3-4954-B0B5-7DBE1A0580E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_gds_intel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD8E058C-344A-4280-B1A5-7102854B484B", "versionEndExcluding": "2.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sicam_gridedge_essential_intel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ADDD625-3497-4291-9093-6FA162C7F05F", "versionEndExcluding": "2.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SICAM GridEdge Essential ARM (Todas las versiones), SICAM GridEdge Essential Intel (Todas las versiones anteriores a V2.7.3), SICAM GridEdge Essential con GDS ARM (Todas las versiones), SICAM GridEdge Essential con GDS Intel (Todas las versiones anteriores a V2.7.3). El software afectado usa un archivo protegido inapropiadamente para importar claves SSH. Los atacantes con acceso al sistema de archivos del host en el que es ejecutado SICAM GridEdge, son capaces de inyectar una clave SSH personalizada en ese archivo"}], "id": "CVE-2022-34464", "lastModified": "2024-11-21T07:09:37.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-12T10:15:11.983", "references": [{"source": "productcert@siemens.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}