ID

VAR-202301-0546


CVE

CVE-2022-45093


TITLE

Path traversal vulnerability in SINEC INS

Trust: 0.8

sources: JVNDB: JVNDB-2023-001807

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. SINEC INS contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2022-45093 // JVNDB: JVNDB-2023-001807

AFFECTED PRODUCTS

vendor: siemens, model: sinec ins, scope: eq, version: 1.0

Trust: 1.0

vendor: siemens, model: sinec ins, scope: lt, version: 1.0

Trust: 1.0

vendor: シーメンス, model: sinec ins, scope: eq, version: 1.0 sp2 update 1

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001807 // NVD: CVE-2022-45093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45093
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2022-45093
value: HIGH

Trust: 1.0

NVD: CVE-2022-45093
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-799
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-45093
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-45093
baseSeverity: HIGH
baseScore: 8.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-45093
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001807 // CNNVD: CNNVD-202301-799 // NVD: CVE-2022-45093 // NVD: CVE-2022-45093

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001807 // NVD: CVE-2022-45093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-799

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202301-799

PATCH

title: SSA-332410, url: https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 0.8

title: Siemens SINEC NMS Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=221681

Trust: 0.6

sources: JVNDB: JVNDB-2023-001807 // CNNVD: CNNVD-202301-799

EXTERNAL IDS

db: NVD, id: CVE-2022-45093

Trust: 3.2

db: SIEMENS, id: SSA-332410

Trust: 1.6

db: ICS CERT, id: ICSA-23-017-03

Trust: 0.8

db: JVN, id: JVNVU90782730

Trust: 0.8

db: JVNDB, id: JVNDB-2023-001807

Trust: 0.8

db: CNNVD, id: CNNVD-202301-799

Trust: 0.6

sources: JVNDB: JVNDB-2023-001807 // CNNVD: CNNVD-202301-799 // NVD: CVE-2022-45093

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 1.6

url:https://jvn.jp/vu/jvnvu90782730/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-45093

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-45093/

Trust: 0.6

sources: JVNDB: JVNDB-2023-001807 // CNNVD: CNNVD-202301-799 // NVD: CVE-2022-45093

SOURCES

db: JVNDB, id: JVNDB-2023-001807
db: CNNVD, id: CNNVD-202301-799
db: NVD, id: CVE-2022-45093

LAST UPDATE DATE

2024-08-14T12:22:08.537000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-001807, date: 2023-05-16T03:25:00
db: CNNVD, id: CNNVD-202301-799, date: 2023-01-16T00:00:00
db: NVD, id: CVE-2022-45093, date: 2023-01-14T00:43:41.810

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-001807, date: 2023-05-16T00:00:00
db: CNNVD, id: CNNVD-202301-799, date: 2023-01-10T00:00:00
db: NVD, id: CVE-2022-45093, date: 2023-01-10T12:15:23.523