First published: Tue Dec 14 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SiPass integrated | =2.76 | |
Siemens SiPass integrated | =2.76-sp1 | |
Siemens SiPass integrated | =2.80 | |
Siemens SiPass integrated | =2.85 | |
Siemens Siveillance Identity | >=1.6 <=1.6.284.0 | |
Siemens Siveillance Identity | =1.5 | |
The vulnerability ID for this vulnerability is CVE-2021-44524.
The severity of CVE-2021-44524 is critical.
SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0) are affected by CVE-2021-44524.
The Common Weakness Enumeration (CWE) IDs for this vulnerability are CWE-287 and CWE-668.
You can find more information about CVE-2021-44524 at the following links: [SSA-160202](https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf), [SSA-463116](https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf).