CVE-2022-31765
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/10/2022
Last modified:
11/04/2023
Description
Affected devices do not properly authorize the change password function of the web interface.<br />
This could allow low privileged users to escalate their privileges.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:siemens:6gk6108-4am00-2ba2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) | |
| cpe:2.3:h:siemens:6gk6108-4am00-2ba2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6gk6108-4am00-2da2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) | |
| cpe:2.3:h:siemens:6gk6108-4am00-2da2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6gk5804-0ap00-2aa2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) | |
| cpe:2.3:h:siemens:6gk5804-0ap00-2aa2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6gk5812-1aa00-2aa2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) | |
| cpe:2.3:h:siemens:6gk5812-1aa00-2aa2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6gk5812-1ba00-2aa2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) | |
| cpe:2.3:h:siemens:6gk5812-1ba00-2aa2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6gk5816-1aa00-2aa2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) | |
| cpe:2.3:h:siemens:6gk5816-1aa00-2aa2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6gk5816-1ba00-2aa2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) | |
| cpe:2.3:h:siemens:6gk5816-1ba00-2aa2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6gk5826-2ab00-2ab2_firmware:*:*:*:*:*:*:*:* | 7.1.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page