CVE-2022-31810

Published: Jul 11, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition.

Affected (1)

Products: Siemens: Sipass Integrated

1 product

Sipass Integrated

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Sipass Integrated	Before 2.90.3.8

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.