Vulnerability Monitor

CVE-2021-44524


A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.


Published

2021-12-14T12:15:12.147

Last Modified

2024-11-21T06:31:09.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-668
  • Type: Primary
    CWE-287

Affected Vendors & Products
Type         Vendor   Product               Version/Range  Vulnerable?
Application  siemens  sipass_integrated     2.76           Yes
Application  siemens  sipass_integrated     2.76           Yes
Application  siemens  sipass_integrated     2.80           Yes
Application  siemens  sipass_integrated     2.85           Yes
Application  siemens  siveillance_identity  ≤ 1.6.284.0    Yes
Application  siemens  siveillance_identity  1.5            Yes
