Lucene search

SiemensCVE-2022-40147

HistoryOct 11, 2022 - 11:15 a.m.

CVE-2022-40147

2022-10-1111:15:10

CWE-295

siemens

web.nvd.nist.gov

cve-2022-40147

industrial edge management

tls validation

security vulnerability

nvd

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.

Affected configurations

Nvd

Node

siemensindustrial_edge_managementRange<1.5.1

VendorProductVersionCPE
siemensindustrial_edge_management*cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	industrial_edge_management	*	cpe:2.3:a:siemens:industrial_edge_management::::::::

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Industrial Edge Management",
    "versions": [
      {
        "version": "All versions < V1.5.1",
        "status": "affected"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-649853.pdf

Social References

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Related for CVE-2022-40147