CVE-2022-31765
HIGH
Siemens 6GK6108-4AM00-2BA2 and 6GK58xx Firmware < 7.1.2 - Missing Authorization for Password Change
Title source: llm
Description
Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.
References (3)
Core References
Mitigation, Patch, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf
Scores
CVSS v3
8.8
EPSS
0.0050
EPSS Percentile
66.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (50)
siemens/6ag1206-2bb00-7ac2_firmware
siemens/6ag1206-2bs00-7ac2_firmware
siemens/6ag1208-0ba00-7ac2_firmware
siemens/6ag1216-4bs00-7ac2_firmware
siemens/6gk5204-0ba00-2gf2_firmware
siemens/6gk5204-0ba00-2yf2_firmware
siemens/6gk5204-2aa00-2gf2_firmware
siemens/6gk5204-2aa00-2yf2_firmware
siemens/6gk5205-3bb00-2ab2_firmware
siemens/6gk5205-3bb00-2tb2_firmware
... and 40 more
Published
Oct 11, 2022
Tracked Since
Feb 18, 2026