CVE-2022-31808

EPSS 0.07%
Published 14.02.2023 11:15:12
Last modified 21.11.2024 07:05:22
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface.

This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Sipass Integrated Acc-ap Firmware Version < 2.85.43

Siemens ≫ Sipass Integrated Acc-ap Version-

Siemens ≫ Sipass Integrated Ac5102 (acc-g2) Firmware Version < 2.85.44

Siemens ≫ Sipass Integrated Ac5102 (acc-g2) Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.19

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31808

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31808

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31808

EUVD