ID

VAR-202301-0547


CVE

CVE-2022-45094


TITLE

Command injection vulnerability in SINEC INS

Trust: 0.8

sources: JVNDB: JVNDB-2023-001790

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component. SINEC INS contains a command injection vulnerability. Information may be obtained or tampered with, and the product may be put into a service-disruption (DoS) state.

Trust: 1.62

sources: NVD: CVE-2022-45094 // JVNDB: JVNDB-2023-001790

AFFECTED PRODUCTS

vendor: siemens, model: sinec ins, scope: eq, version: 1.0

Trust: 1.0

vendor: siemens, model: sinec ins, scope: lt, version: 1.0

Trust: 1.0

vendor: シーメンス, model: sinec ins, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: eq, version: 1.0 sp2 update 1

Trust: 0.8

sources: JVNDB: JVNDB-2023-001790 // NVD: CVE-2022-45094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45094
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2022-45094
value: HIGH

Trust: 1.0

NVD: CVE-2022-45094
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-661
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-45094
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-45094
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-45094
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001790 // CNNVD: CNNVD-202301-661 // NVD: CVE-2022-45094 // NVD: CVE-2022-45094

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001790 // NVD: CVE-2022-45094

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-661

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202301-661

PATCH

title: SSA-332410, url: https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 0.8

title: Siemens SINEC NMS Fixes for command injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=221646

Trust: 0.6

sources: JVNDB: JVNDB-2023-001790 // CNNVD: CNNVD-202301-661

EXTERNAL IDS

db: NVD, id: CVE-2022-45094

Trust: 3.2

db: SIEMENS, id: SSA-332410

Trust: 1.6

db: JVN, id: JVNVU90782730

Trust: 0.8

db: ICS CERT, id: ICSA-23-017-03

Trust: 0.8

db: JVNDB, id: JVNDB-2023-001790

Trust: 0.8

db: CNNVD, id: CNNVD-202301-661

Trust: 0.6

sources: JVNDB: JVNDB-2023-001790 // CNNVD: CNNVD-202301-661 // NVD: CVE-2022-45094

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 1.6

url:https://jvn.jp/vu/jvnvu90782730/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-45094

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-45094/

Trust: 0.6

sources: JVNDB: JVNDB-2023-001790 // CNNVD: CNNVD-202301-661 // NVD: CVE-2022-45094

SOURCES

db: JVNDB, id: JVNDB-2023-001790
db: CNNVD, id: CNNVD-202301-661
db: NVD, id: CVE-2022-45094

LAST UPDATE DATE

2024-08-14T13:06:58.516000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-001790, date: 2023-05-12T04:41:00
db: CNNVD, id: CNNVD-202301-661, date: 2023-01-16T00:00:00
db: NVD, id: CVE-2022-45094, date: 2023-01-14T00:43:06.910

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-001790, date: 2023-05-12T00:00:00
db: CNNVD, id: CNNVD-202301-661, date: 2023-01-10T00:00:00
db: NVD, id: CVE-2022-45094, date: 2023-01-10T12:15:23.590