CVE-2022-30228

Опубликовано: 14 июн. 2022

Источник: nvd

CVSS3: 8.8

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed.

Ссылки

https://cert-portal.siemens.com/productcert/html/ssa-631336.html
https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:arm:*:*:*

Версия до 2.6.6 (исключая)

cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_arm:*:*:*

Версия до 2.6.6 (исключая)

cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:gds_intel:*:*:*

Версия до 2.6.6 (исключая)

cpe:2.3:a:siemens:sicam_gridedge_essential:*:*:*:*:intel:*:*:*

Версия до 2.6.6 (исключая)

EPSS

Процентиль: 35%

0.00147

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-346

Связанные уязвимости

GHSA-rq2g-2prr-ww75

CVSS3: 6.5

github

больше 3 лет назад

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed.

EPSS

Процентиль: 35%

0.00147

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-346