CVE-2022-34464

MEDIUM

SICAM GridEdge (Classic) < V2.7.3 - Code Injection

Title source: llm

Description

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file.

References (2)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-225578.html

[Mitigation, Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf

Scores

CVSS v3 6.3

EPSS 0.0017

EPSS Percentile 37.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-552 CWE-668

Status published

Affected Products (4)

siemens/sicam_gridedge_essential_arm

siemens/sicam_gridedge_essential_gds_arm

siemens/sicam_gridedge_essential_gds_intel < 2.7.3

siemens/sicam_gridedge_essential_intel < 2.7.3

Timeline

Published Jul 12, 2022

Tracked Since Feb 18, 2026