{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43400", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "dateUpdated": "2024-08-03T13:32:58.062Z", "dateReserved": "2022-10-18T00:00:00", "datePublished": "2022-10-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2022-10-21T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account."}], "affected": [{"vendor": "Siemens", "product": "Siveillance Video Mobile Server V2022 R2", "versions": [{"version": "All versions < V22.2a (80)", "status": "affected"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640732.pdf"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-1390: None", "cweId": "CWE-1390"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:58.062Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640732.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:siveillance_video_mobile_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BDCE907-C51F-40F2-9745-8AAFE468AB92", "versionEndExcluding": "22.2a\\(80\\)", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Siveillance Video Mobile Server versiones V2022 R2 (Todas las versiones anteriores a V22.2a (80)). El componente del servidor m\u00f3vil de las aplicaciones afectadas administra inapropiadamente el inicio de sesi\u00f3n de las cuentas de Active Directory que forman parte del grupo de administradores. Esto podr\u00eda permitir a un atacante remoto no autenticado acceder a la aplicaci\u00f3n sin una cuenta v\u00e1lida"}], "id": "CVE-2022-43400", "lastModified": "2023-06-27T13:23:45.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-21T14:15:09.483", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640732.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1390"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}