CVE-2022-45094

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component.

CVSS Version 3.1

nvd
CVE ID: CVE-2022-45094
Base Score: 8.8
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8

siemens
CVE ID: CVE-2022-45094
Base Score: 8.4
Base Severity: HIGH
Vector String:CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6.0
Exploitability Score: 1.7

Refrence: NVD MITRE

Description​

Description