Sign-up

ID

VAR-202208-0785


CVE

CVE-2022-34659


TITLE

Siemens'  simcenter star-ccm+ viewer  Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014798

DESCRIPTION

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information. Siemens' simcenter star-ccm+ viewer There is a vulnerability related to information leakage.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-34659 // JVNDB: JVNDB-2022-014798 // VULMON: CVE-2022-34659

AFFECTED PRODUCTS

vendor:siemensmodel:simcenter star-ccm\+ viewerscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:simcenter star-ccm+ viewerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simcenter star-ccm+ viewerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-014798 // NVD: CVE-2022-34659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34659
value: HIGH

Trust: 1.0

NVD: CVE-2022-34659
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202208-2719
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-34659
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-34659
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-014798 // CNNVD: CNNVD-202208-2719 // NVD: CVE-2022-34659

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-014798 // NVD: CVE-2022-34659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2719

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202208-2719

PATCH

title:Siemens Simcenter STAR-CCM+ Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204575

Trust: 0.6

sources: CNNVD: CNNVD-202208-2719

EXTERNAL IDS

db:NVDid:CVE-2022-34659

Trust: 3.3

db:SIEMENSid:SSA-555707

Trust: 2.5

db:ICS CERTid:ICSA-22-223-01

Trust: 1.5

db:JVNid:JVNVU90767165

Trust: 0.8

db:JVNDBid:JVNDB-2022-014798

Trust: 0.8

db:AUSCERTid:ESB-2022.4038

Trust: 0.6

db:CNNVDid:CNNVD-202208-2719

Trust: 0.6

db:VULMONid:CVE-2022-34659

Trust: 0.1

sources: VULMON: CVE-2022-34659 // JVNDB: JVNDB-2022-014798 // CNNVD: CNNVD-202208-2719 // NVD: CVE-2022-34659

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-555707.pdf

Trust: 2.5

url:https://jvn.jp/vu/jvnvu90767165/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-34659

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-01

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-223-01

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-34659/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4038

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-01

Trust: 0.1

sources: VULMON: CVE-2022-34659 // JVNDB: JVNDB-2022-014798 // CNNVD: CNNVD-202208-2719 // NVD: CVE-2022-34659

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202208-2719

SOURCES

db:VULMONid:CVE-2022-34659
db:JVNDBid:JVNDB-2022-014798
db:CNNVDid:CNNVD-202208-2719
db:NVDid:CVE-2022-34659

LAST UPDATE DATE

2024-08-14T14:17:45.385000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-34659date:2022-08-10T00:00:00
db:JVNDBid:JVNDB-2022-014798date:2023-09-21T08:10:00
db:CNNVDid:CNNVD-202208-2719date:2022-08-17T00:00:00
db:NVDid:CVE-2022-34659date:2022-08-16T15:58:26.020

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-34659date:2022-08-10T00:00:00
db:JVNDBid:JVNDB-2022-014798date:2023-09-21T00:00:00
db:CNNVDid:CNNVD-202208-2719date:2022-08-10T00:00:00
db:NVDid:CVE-2022-34659date:2022-08-10T12:15:12.143