Cyber Resilience

CVE-2022-34464

Medium

Published: 12 July 2022

Modified: 12 November 2025
KEV Added:
Patch:
CVSS Score v4: 5.3
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0017 (37.4th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-34464 is a medium-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in Siemens Sicam Gridedge Essential Arm. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks at the 37.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
siemens | sicam gridedge essential arm | all versions
siemens | sicam gridedge essential gds arm | all versions
siemens | sicam gridedge essential gds intel | ≤ 2.7.3
siemens | sicam gridedge essential intel | ≤ 2.7.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-552 CWE-668

Controls on authorized publication keep files and directories with nonpublic data from becoming accessible to external parties.

addresses: CWE-552 CWE-668

Identifying and documenting file and directory locations allows access by external parties to be restricted.

addresses: CWE-552 CWE-668

Media access restrictions prevent files or directories from being accessible to external parties.

addresses: CWE-552 CWE-668

Employing and evaluating controls at documented alternate sites makes files and directories less likely to be accessible to external parties through physical or environmental weaknesses.

addresses: CWE-552 CWE-668

Procedures ensure CUI files and resources are not made accessible to external parties without required protections.

addresses: CWE-552 CWE-668

Enumerating systems surfaces externally reachable resources that would otherwise remain unmonitored and accessible.

addresses: CWE-552 CWE-668

Prevents public exposure of files or directories that should not be reachable by unauthenticated parties.

addresses: CWE-668

Controls whether organization resources are exposed to external system spheres by permitting or prohibiting their use.

References