CVE-2022-30228

Published: Jun 14, 2022Modified: Jun 17, 2026

8.6

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed.

Affected (4)

Products: Siemens: Sicam Gridedge Essential

Siemens

1 product

Sicam Gridedge Essential

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Sicam Gridedge Essential	Before 2.6.6
Siemens Sicam Gridedge Essential	Before 2.6.6
Siemens Sicam Gridedge Essential	Before 2.6.6
Siemens Sicam Gridedge Essential	Before 2.6.6

Related CWEs

CWE-346

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (3)

https://cert-portal.siemens.com/productcert/html/ssa-631336.html

Source: productcert@siemens.com

https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.