ID

VAR-202301-0545


CVE

CVE-2022-45092


TITLE

SINEC INS  Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-001808

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. SINEC INS Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-45092 // JVNDB: JVNDB-2023-001808

AFFECTED PRODUCTS

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

vendor:シーメンスmodel:sinec insscope:eqversion:1.0 sp2 update 1

Trust: 0.8

vendor:シーメンスmodel:sinec insscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001808 // NVD: CVE-2022-45092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45092
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2022-45092
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-45092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-654
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-45092
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-45092
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-45092
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001808 // CNNVD: CNNVD-202301-654 // NVD: CVE-2022-45092 // NVD: CVE-2022-45092

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001808 // NVD: CVE-2022-45092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-654

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202301-654

PATCH

title:SSA-332410url:https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 0.8

title:Siemens SINEC NMS Repair measures for path traversal vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=221640

Trust: 0.6

sources: JVNDB: JVNDB-2023-001808 // CNNVD: CNNVD-202301-654

EXTERNAL IDS

db:NVDid:CVE-2022-45092

Trust: 3.2

db:SIEMENSid:SSA-332410

Trust: 1.6

db:ICS CERTid:ICSA-23-017-03

Trust: 0.8

db:JVNid:JVNVU90782730

Trust: 0.8

db:JVNDBid:JVNDB-2023-001808

Trust: 0.8

db:CNNVDid:CNNVD-202301-654

Trust: 0.6

sources: JVNDB: JVNDB-2023-001808 // CNNVD: CNNVD-202301-654 // NVD: CVE-2022-45092

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 1.6

url:https://jvn.jp/vu/jvnvu90782730/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-45092

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-45092/

Trust: 0.6

sources: JVNDB: JVNDB-2023-001808 // CNNVD: CNNVD-202301-654 // NVD: CVE-2022-45092

SOURCES

db:JVNDBid:JVNDB-2023-001808
db:CNNVDid:CNNVD-202301-654
db:NVDid:CVE-2022-45092

LAST UPDATE DATE

2024-08-14T12:24:25.883000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-001808date:2023-05-16T03:29:00
db:CNNVDid:CNNVD-202301-654date:2023-01-16T00:00:00
db:NVDid:CVE-2022-45092date:2023-01-14T00:47:06.117

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-001808date:2023-05-16T00:00:00
db:CNNVDid:CNNVD-202301-654date:2023-01-10T00:00:00
db:NVDid:CVE-2022-45092date:2023-01-10T12:15:23.453