CVE-2022-34464
Published: 12 July 2022
Summary
CVE-2022-34464 is a medium-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in Siemens Sicam Gridedge Essential Arm. Its CVSS base score is 5.3 (Medium).
Operationally, it ranks at the 37.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-37419
Vulnerability details
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Controls on authorized publication limit files and directories with nonpublic data from becoming accessible to external parties.
Identifying and documenting file and directory locations allows restriction of access to external parties.
Media access restrictions prevent files or directories from being accessible to external parties.
Employing and evaluating controls at documented alternate sites makes files and directories less likely to be accessible to external parties through physical or environmental weaknesses.
Procedures ensure CUI files and resources are not made accessible to external parties without required protections.
Enumerating systems surfaces externally reachable resources that would otherwise remain unmonitored and accessible.
Prevents public exposure of files or directories that should not be reachable by unauthenticated parties.
Controls whether organization resources are exposed to external system spheres by permitting or prohibiting their use.