CVE-2022-31765

HIGH | CVSS 8.8/10 | EPSS 0.88%

CVE-2022-31765 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. EPSS estimates a 0.88% chance of exploitation in the next 30 days.

Description

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.88%

54.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Siemens | 6gk6108-4am00-2ba2 Firmware | < 7.1.2 |
| Siemens | 6gk6108-4am00-2da2 Firmware | < 7.1.2 |
| Siemens | 6gk5804-0ap00-2aa2 Firmware | < 7.1.2 |
| Siemens | 6gk5812-1aa00-2aa2 Firmware | < 7.1.2 |
| Siemens | 6gk5812-1ba00-2aa2 Firmware | < 7.1.2 |
| Siemens | 6gk5816-1aa00-2aa2 Firmware | < 7.1.2 |
| Siemens | 6gk5816-1ba00-2aa2 Firmware | < 7.1.2 |
| Siemens | 6gk5826-2ab00-2ab2 Firmware | < 7.1.2 |
| Siemens | 6gk5874-2aa00-2aa2 Firmware | < 7.1.2 |
| Siemens | 6gk5874-3aa00-2aa2 Firmware | < 7.1.2 |
| Siemens | 6gk5876-3aa02-2ba2 Firmware | < 7.1.2 |
| Siemens | 6gk5876-3aa02-2ea2 Firmware | < 7.1.2 |
| Siemens | 6gk5876-4aa00-2ba2 Firmware | < 7.1.2 |
| Siemens | 6gk5876-4aa00-2da2 Firmware | < 7.1.2 |
| Siemens | 6gk5853-2ea00-2da1 Firmware | < 7.1.2 |
| Siemens | 6gk5856-2ea00-3da1 Firmware | < 7.1.2 |
| Siemens | 6gk5856-2ea00-3aa1 Firmware | < 7.1.2 |
| Siemens | 6gk5622-2gs00-2ac2 Firmware | All versions |
| Siemens | 6gk5632-2gs00-2ac2 Firmware | All versions |
| Siemens | 6gk5636-2gs00-2ac2 Firmware | All versions |
| Siemens | 6gk5642-2gs00-2ac2 Firmware | All versions |
| Siemens | 6gk5646-2gs00-2ac2 Firmware | All versions |
| Siemens | 6gk5721-1fc00-0aa0 Firmware | All versions |
| Siemens | 6gk5721-1fc00-0ab0 Firmware | All versions |
| Siemens | 6gk5722-1fc00-0aa0 Firmware | All versions |
| Siemens | 6gk5722-1fc00-0ab0 Firmware | All versions |
| Siemens | 6gk5722-1fc00-0ac0 Firmware | All versions |
| Siemens | 6gk5734-1fx00-0aa0 Firmware | All versions |
| Siemens | 6gk5734-1fx00-0aa6 Firmware | All versions |
| Siemens | 6gk5734-1fx00-0ab0 Firmware | All versions |
| Siemens | 6gk5734-1fx00-0ab6 Firmware | All versions |
| Siemens | 6gk5738-1gy00-0aa0 Firmware | All versions |
| Siemens | 6gk5738-1gy00-0ab0 Firmware | All versions |
| Siemens | 6gk5748-1gd00-0aa0 Firmware | All versions |
| Siemens | 6gk5748-1gd00-0ab0 Firmware | All versions |
| Siemens | 6gk5748-1fc00-0aa0 Firmware | All versions |
| Siemens | 6gk5748-1fc00-0ab0 Firmware | All versions |
| Siemens | 6gk5761-1fc00-0aa0 Firmware | All versions |
| Siemens | 6gk5761-1fc00-0ab0 Firmware | All versions |
| Siemens | 6gk5774-1fy00-0ta0 Firmware | All versions |
| Siemens | 6gk5774-1fy00-0tb0 Firmware | All versions |
| Siemens | 6gk5774-1fx00-0aa0 Firmware | All versions |
| Siemens | 6gk5774-1fx00-0aa6 Firmware | All versions |
| Siemens | 6gk5774-1fx00-0ab0 Firmware | All versions |
| Siemens | 6gk5774-1fx00-0ac0 Firmware | All versions |
| Siemens | 6gk5774-1fx00-0ab6 Firmware | All versions |
| Siemens | 6gk5778-1gy00-0aa0 Firmware | All versions |
| Siemens | 6gk5778-1gy00-0ab0 Firmware | All versions |
| Siemens | 6gk5778-1gy00-0ta0 Firmware | All versions |
| Siemens | 6gk5778-1gy00-0tb0 Firmware | All versions |

Showing 50 of 186 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-31765?
Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.
How severe is CVE-2022-31765?
CVE-2022-31765 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.88% probability of exploitation in the next 30 days.
How do I fix CVE-2022-31765?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST