Full Report
SICAM GridEdge contains an improper access control vulnerability that could allow persons with local access to the host system to inject an SSH key. Siemens has released a new version of SICAM GridEdge (Classic) and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Improper Access Control in SICAM GridEdge Allowing SSH Key Injection
## CVE Details
- CVE ID: CVE-2022-34464
- CVSS Score: 6.3 (CVSS v3.1) / 5.3 (CVSS v4.0) (Medium)
- CWE: CWE-552: Files or Directories Accessible to External Parties
## Affected Systems
- Products: SICAM GridEdge (Classic)
- Versions: All versions prior to V2.7.3
- Configurations: Requires local access to the host system where SICAM GridEdge runs.
## Vulnerability Description
The affected application imports SSH keys from a file that is not properly protected. An attacker who already has local access to the host filesystem can inject a custom SSH key into this file. Successful exploitation grants the attacker unauthorized access via SSH.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but the vulnerability allows for direct authentication bypass (SSH key injection).
- Complexity: Low (Assuming local access is already obtained, the injection itself is straightforward).
- Attack Vector: Local (Requires local access/filesystem access to the host).
## Impact
- Confidentiality: Low (Potential for unauthorized data access via injected SSH).
- Integrity: Low (Potential for unauthorized modification via injected SSH).
- Availability: Low (Potential for disruption via unauthorized access).
## Remediation
### Patches
- Update SICAM GridEdge (Classic) to **V2.7.3 or a later version**.
- Vendor reference for update: https://support.industry.siemens.com/cs/ww/en/view/109780559/
### Workarounds
- Restrict physical access to the affected device.
- Limit network access to the SSH port (22/tcp) to trusted IP addresses only, if feasible.
- Apply relevant General Security Recommendations, such as using firewalls, network segmentation, and VPNs to protect network access.
## Detection
- Indicators of compromise would include unauthorized SSH key entries in configuration files associated with SICAM GridEdge.
- Detection can be performed by auditing configuration files for unexpected SSH keys and reviewing system logs for unusual local access events or post-exploitation SSH sessions.
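The key audit described above can be scripted as an allowlist comparison. This is an added example, not Siemens code: it assumes the key file uses the OpenSSH `authorized_keys` line format and that "improperly protected" means group- or world-writable. The page does not name the file, so the path and the approved-fingerprint set are inputs you supply.

```python
import base64
import hashlib
import os
import stat

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # OpenSSH public key type names

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_keys(text, approved):
    """Return (line_no, reason, detail) for every entry not on the allowlist."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options may precede the key type, so locate the type field first.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(fields):
            findings.append((no, "unparsable", line[:40]))
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((no, "bad-base64", fields[idx]))
            continue
        if fp not in approved:
            findings.append((no, "unapproved-key", fp))
    return findings

def loosely_protected(path):
    """True if group or others can write the file (assumed weak-protection check)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample data: these blobs are placeholders, not real SSH keys.
GOOD = base64.b64encode(b"constructed-operator-key").decode()
ROGUE = base64.b64encode(b"constructed-injected-key").decode()
SAMPLE = f"# managed keys\nssh-ed25519 {GOOD} operator@hmi\n" \
         f"no-pty ssh-rsa {ROGUE} unknown\nssh-rsa not*base64 x\n"

if __name__ == "__main__":
    for finding in audit_keys(SAMPLE, {fingerprint(GOOD)}):
        print(finding)
```

Build the approved set from keys recorded at provisioning time, and run the audit on a schedule so a newly appended entry shows up as a finding.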
## References
- Vendor Advisory: SSA-225578
- Siemens Security Recommendations: https://www.siemens.com/gridsecurity