Sign-up

ID

VAR-202206-0885


CVE

CVE-2022-26476


TITLE

Siemens Spectrum Power Trust Management Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202206-1268

DESCRIPTION

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges

Trust: 0.99

sources: NVD: CVE-2022-26476 // VULMON: CVE-2022-26476

AFFECTED PRODUCTS

vendor:siemensmodel:spectrum power 7scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:spectrum power 4scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:spectrum power microgrid management systemscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2022-26476

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26476
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202206-1268
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-26476
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

nvd@nist.gov: CVE-2022-26476
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202206-1268 // NVD: CVE-2022-26476

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

sources: NVD: CVE-2022-26476

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202206-1268

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202206-1268

PATCH

title:Siemens Spectrum Power Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196615

Trust: 0.6

sources: CNNVD: CNNVD-202206-1268

EXTERNAL IDS

db:SIEMENSid:SSA-388239

Trust: 1.7

db:NVDid:CVE-2022-26476

Trust: 1.7

db:ICS CERTid:ICSA-22-167-12

Trust: 0.7

db:CNNVDid:CNNVD-202206-1268

Trust: 0.6

db:VULMONid:CVE-2022-26476

Trust: 0.1

sources: VULMON: CVE-2022-26476 // CNNVD: CNNVD-202206-1268 // NVD: CVE-2022-26476

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-26476/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-12

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-12

Trust: 0.1

sources: VULMON: CVE-2022-26476 // CNNVD: CNNVD-202206-1268 // NVD: CVE-2022-26476

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202206-1268

SOURCES

db:VULMONid:CVE-2022-26476
db:CNNVDid:CNNVD-202206-1268
db:NVDid:CVE-2022-26476

LAST UPDATE DATE

2024-11-23T22:47:21.135000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-26476date:2022-06-14T00:00:00
db:CNNVDid:CNNVD-202206-1268date:2022-06-30T00:00:00
db:NVDid:CVE-2022-26476date:2024-11-21T06:54:01.333

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-26476date:2022-06-14T00:00:00
db:CNNVDid:CNNVD-202206-1268date:2022-06-14T00:00:00
db:NVDid:CVE-2022-26476date:2022-06-14T10:15:19.883