Siemens: >> Sicam Gridedge Essential Security Vulnerabilities
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-06-14