6.9
CVE-2022-30231
- EPSS 0.19%
- Veröffentlicht 14.06.2022 10:15:20
- Zuletzt bearbeitet 12.11.2025 08:15:39
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Sicam Gridedge Essential SwEditionarm Version < 2.6.6
Siemens ≫ Sicam Gridedge Essential SwEditiongds_arm Version < 2.6.6
Siemens ≫ Sicam Gridedge Essential SwEditiongds_intel Version < 2.6.6
Siemens ≫ Sicam Gridedge Essential SwEditionintel Version < 2.6.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.408 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| productcert@siemens.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.