Skip to main content

6Gk6108 4Am00 2Ba2 Firmware CVE-2022-31765

HIGH
Missing Authorization (CWE-862)
2022-10-11 productcert@siemens.com
Authentication Bypass 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware 6Gk5812 1Aa00 2Aa2 Firmware 6Gk5812 1Ba00 2Aa2 Firmware 6Gk5816 1Aa00 2Aa2 Firmware 6Gk5816 1Ba00 2Aa2 Firmware 6Gk5826 2Ab00 2Ab2 Firmware 6Gk5874 2Aa00 2Aa2 Firmware 6Gk5874 3Aa00 2Aa2 Firmware 6Gk5876 3Aa02 2Ba2 Firmware 6Gk5876 3Aa02 2Ea2 Firmware 6Gk5876 4Aa00 2Ba2 Firmware 6Gk5876 4Aa00 2Da2 Firmware 6Gk5853 2Ea00 2Da1 Firmware 6Gk5856 2Ea00 3Da1 Firmware 6Gk5856 2Ea00 3Aa1 Firmware 6Gk5622 2Gs00 2Ac2 Firmware 6Gk5632 2Gs00 2Ac2 Firmware 6Gk5636 2Gs00 2Ac2 Firmware 6Gk5642 2Gs00 2Ac2 Firmware 6Gk5646 2Gs00 2Ac2 Firmware 6Gk5721 1Fc00 0Aa0 Firmware 6Gk5721 1Fc00 0Ab0 Firmware 6Gk5722 1Fc00 0Aa0 Firmware 6Gk5722 1Fc00 0Ab0 Firmware 6Gk5722 1Fc00 0Ac0 Firmware 6Gk5734 1Fx00 0Aa0 Firmware 6Gk5734 1Fx00 0Aa6 Firmware 6Gk5734 1Fx00 0Ab0 Firmware 6Gk5734 1Fx00 0Ab6 Firmware 6Gk5738 1Gy00 0Aa0 Firmware 6Gk5738 1Gy00 0Ab0 Firmware 6Gk5748 1Gd00 0Aa0 Firmware 6Gk5748 1Gd00 0Ab0 Firmware 6Gk5748 1Fc00 0Aa0 Firmware 6Gk5748 1Fc00 0Ab0 Firmware 6Gk5761 1Fc00 0Aa0 Firmware 6Gk5761 1Fc00 0Ab0 Firmware 6Gk5774 1Fy00 0Ta0 Firmware 6Gk5774 1Fy00 0Tb0 Firmware 6Gk5774 1Fx00 0Aa0 Firmware 6Gk5774 1Fx00 0Aa6 Firmware 6Gk5774 1Fx00 0Ab0 Firmware 6Gk5774 1Fx00 0Ac0 Firmware 6Gk5774 1Fx00 0Ab6 Firmware 6Gk5778 1Gy00 0Aa0 Firmware 6Gk5778 1Gy00 0Ab0 Firmware 6Gk5778 1Gy00 0Ta0 Firmware 6Gk5778 1Gy00 0Tb0 Firmware 6Gk5786 1Fc00 0Aa0 Firmware 6Gk5786 1Fc00 0Ab0 Firmware 6Gk5786 2Fc00 0Aa0 Firmware 6Gk5786 2Fc00 0Ab0 Firmware 6Gk5786 2Fc00 0Ac0 Firmware 6Gk5786 2Fe00 0Aa0 Firmware 6Gk5786 2Fe00 0Ab0 Firmware 6Gk5786 2Hc00 0Aa0 Firmware 6Gk5786 2Hc00 0Ab0 Firmware 6Gk5788 1Gd00 0Aa0 Firmware 6Gk5788 1Gd00 0Ab0 Firmware 6Gk5788 1Fc00 0Aa0 Firmware 6Gk5788 1Fc00 0Ab0 Firmware 6Gk5788 2Gd00 0Aa0 Firmware 6Gk5788 2Gd00 0Ab0 Firmware 6Gk5788 2Gd00 0Ta0 Firmware 6Gk5788 2Gd00 0Tb0 Firmware 6Gk5788 2Gd00 0Tc0 Firmware 6Gk5788 2Fc00 0Aa0 Firmware 6Gk5788 2Fc00 0Ab0 Firmware 6Gk5788 2Fc00 0Ac0 Firmware 6Gk5748 1Gy01 0Aa0 Firmware 6Gk5748 1Gy01 0Ta0 Firmware 6Gk5788 1Gy01 0Aa0 Firmware 6Gk5788 2Gy01 0Ta0 Firmware 6Gk5788 2Gy01 0Aa0 Firmware 6Gk5788 2Hy01 0Aa0 Firmware 6Gk5763 1Al00 7Da0 Firmware 6Gk5766 1Ge00 7Da0 Firmware 6Gk5766 1Ge00 7Db0 Firmware 6Gk5766 1Je00 7Da0 Firmware 6Gk5766 1Ge00 7Ta0 Firmware 6Gk5766 1Ge00 7Tb0 Firmware 6Gk5766 1Je00 7Ta0 Firmware 6Gk5763 1Al00 3Aa0 Firmware 6Gk5763 1Al00 3Da0 Firmware 6Gk5766 1Ge00 3Da0 Firmware 6Gk5766 1Ge00 3Db0 Firmware 6Gk5766 1Je00 3Da0 Firmware 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware 6Gk5205 3Bf00 2Tb2 Firmware 6Gk5205 3Bf00 2Ab2 Firmware 6Gk5208 0Ba00 2Tb2 Firmware 6Gk5208 0Ba00 2Ab2 Firmware 6Gk5213 3Bd00 2Tb2 Firmware 6Gk5213 3Bd00 2Ab2 Firmware 6Gk5213 3Bb00 2Tb2 Firmware 6Gk5213 3Bb00 2Ab2 Firmware 6Gk5213 3Bf00 2Tb2 Firmware 6Gk5213 3Bf00 2Ab2 Firmware 6Gk5216 0Ba00 2Tb2 Firmware 6Gk5216 0Ba00 2Ab2 Firmware 6Gk5206 2Bd00 2Ac2 Firmware 6Gk5206 2Bb00 2Ac2 Firmware 6Gk5206 2Rs00 2Ac2 Firmware 6Gk5206 2Rs00 5Ac2 Firmware 6Gk5206 2Rs00 5Fc2 Firmware 6Gk5206 2Bs00 2Ac2 Firmware 6Gk5206 2Bs00 2Fc2 Firmware 6Gk5206 2Gs00 2Ac2 Firmware 6Gk5206 2Gs00 2Tc2 Firmware 6Gk5206 2Gs00 2Fc2 Firmware 6Gk5208 0Ba00 2Ac2 Firmware 6Gk5208 0Ba00 2Fc2 Firmware 6Gk5208 0Ga00 2Ac2 Firmware 6Gk5208 0Ga00 2Tc2 Firmware 6Gk5208 0Ga00 2Fc2 Firmware 6Gk5208 0Ra00 2Ac2 Firmware 6Gk5208 0Ra00 5Ac2 Firmware 6Gk5216 0Ba00 2Ac2 Firmware 6Gk5216 3Rs00 2Ac2 Firmware 6Gk5216 3Rs00 5Ac2 Firmware 6Gk5216 4Bs00 2Ac2 Firmware 6Gk5216 4Gs00 2Ac2 Firmware 6Gk5216 4Gs00 2Tc2 Firmware 6Gk5216 4Gs00 2Fc2 Firmware 6Gk5216 0Ba00 2Fc2 Firmware 6Gk5224 0Ba00 2Ac2 Firmware 6Gk5224 4Gs00 2Ac2 Firmware 6Gk5224 4Gs00 2Tc2 Firmware 6Gk5224 4Gs00 2Fc2 Firmware 6Gk5204 0Ba00 2Gf2 Firmware 6Gk5204 0Ba00 2Yf2 Firmware 6Gk5204 2Aa00 2Gf2 Firmware 6Gk5204 2Aa00 2Yf2 Firmware 6Gk5408 4Gp00 2Am2 Firmware 6Gk5408 4Gq00 2Am2 Firmware 6Gk5408 8Gs00 2Am2 Firmware 6Gk5408 8Gr00 2Am2 Firmware 6Gk5416 4Gs00 2Am2 Firmware 6Gk5416 4Gr00 2Am2 Firmware 6Gk5208 0Ha00 2As6 Firmware 6Gk5208 0Ha00 2Ts6 Firmware 6Gk5208 0Ha00 2Es6 Firmware 6Gk5208 0Ua00 5Es6 Firmware 6Gk5216 0Ha00 2As6 Firmware 6Gk5216 0Ha00 2Ts6 Firmware 6Gk5216 0Ha00 2Es6 Firmware 6Gk5216 0Ua00 5Es6 Firmware 6Gk5324 0Ba00 3Ar3 Firmware 6Gk5324 0Ba00 2Ar3 Firmware 6Gk5326 2Qs00 3Ar3 Firmware 6Gk5326 2Qs00 3Rr3 Firmware 6Gk5328 4Fs00 3Ar3 Firmware 6Gk5328 4Fs00 3Rr3 Firmware 6Gk5328 4Fs00 2Ar3 Firmware 6Gk5328 4Fs00 2Rr3 Firmware 6Gk5328 4Ss00 3Ar3 Firmware 6Gk5328 4Ss00 2Ar3 Firmware 6Gk5524 8Gs00 3Ar2 Firmware 6Gk5524 8Gr00 3Ar2 Firmware 6Gk5524 8Gs00 4Ar2 Firmware 6Gk5524 8Gr00 4Ar2 Firmware 6Gk5524 8Gs00 2Ar2 Firmware 6Gk5524 8Gr00 2Ar2 Firmware 6Gk5526 8Gs00 3Ar2 Firmware 6Gk5526 8Gr00 3Ar2 Firmware 6Gk5526 8Gs00 4Ar2 Firmware 6Gk5526 8Gr00 4Ar2 Firmware 6Gk5526 8Gs00 2Ar2 Firmware 6Gk5526 8Gr00 2Ar2 Firmware 6Gk5528 0Aa00 2Ar2 Firmware 6Gk5528 0Aa00 2Hr2 Firmware 6Gk5528 0Ar00 2Hr2 Firmware 6Gk5528 0Ar00 2Ar2 Firmware 6Gk5552 0Aa00 2Ar2 Firmware 6Gk5552 0Aa00 2Hr2 Firmware 6Gk5552 0Ar00 2Hr2 Firmware 6Gk5552 0Ar00 2Ar2 Firmware 6Ag1206 2Bb00 7Ac2 Firmware 6Ag1206 2Bs00 7Ac2 Firmware 6Ag1208 0Ba00 7Ac2 Firmware 6Ag1216 4Bs00 7Ac2 Firmware
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 11, 2022 - 11:15 cve.org
HIGH 8.8

DescriptionCVE.org

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

AnalysisAI

Affected devices do not properly authorize the change password function of the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Affected products include: Siemens 6Gk6108-4Am00-2Ba2 Firmware, Siemens 6Gk6108-4Am00-2Da2 Firmware, Siemens 6Gk5804-0Ap00-2Aa2 Firmware, Siemens 6Gk5812-1Aa00-2Aa2 Firmware, Siemens 6Gk5812-1Ba00-2Aa2 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

Share

CVE-2022-31765 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy