CVE-2022-30228

8.8 HIGH

📋 TL;DR

SICAM GridEdge (Classic) versions before V2.6.6 do not properly restrict cross-origin requests (CORS). An attacker who lures an authenticated user to a malicious web resource can make that user's browser issue requests to the device in the context of the existing session. This affects all users of vulnerable SICAM GridEdge (Classic) installations.

💻 Affected Systems

Products:
  • SICAM GridEdge (Classic)
Versions: All versions < V2.6.6
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user to be tricked into accessing malicious resource.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the SICAM GridEdge system, allowing attackers to execute arbitrary commands, modify configurations, or disrupt grid operations.

🟠 Likely Case

Unauthorized data access, configuration changes, or limited command execution through authenticated user sessions.

🟢 If Mitigated

Attack fails due to proper network segmentation, user awareness training, and access controls limiting impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to trick authenticated users and knowledge of system endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2.6.6

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-631336.html

Restart Required: Yes

Instructions:

1. Download V2.6.6 from the Siemens support portal.
2. Back up the current configuration.
3. Apply the update following the Siemens installation guide.
4. Restart the system.
5. Verify the version update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate SICAM GridEdge systems from untrusted networks and user workstations.

User Awareness Training

all

Train users to avoid clicking suspicious links while authenticated to critical systems.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SICAM GridEdge from user workstations and internet.
  • Deploy web application firewall with CORS policy enforcement and monitor for suspicious requests.

🔍 How to Verify

Check if Vulnerable:

Check SICAM GridEdge version via web interface or system logs. If version is below V2.6.6, system is vulnerable.

Check Version:

Check via SICAM GridEdge web interface or consult Siemens documentation for version query commands.

Verify Fix Applied:

Verify version shows V2.6.6 or higher in system interface and test CORS headers on critical endpoints.
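One way to carry out the CORS header test after patching, as an added example that is not Siemens code and not taken from the advisory. It sends a request with a foreign Origin to an endpoint you operate and reports whether the response grants that origin cross-origin access; the target URL and the foreign origin are placeholders, and the findings below are the checks a reviewer would apply to any CORS response.

```python
"""Assess CORS response headers on an operator-owned SICAM GridEdge endpoint.

Added example (not vendor code). Assumes a fixed system does NOT echo an
untrusted Origin back in Access-Control-Allow-Origin, especially not together
with Access-Control-Allow-Credentials: true.
"""
import urllib.error
import urllib.request
from typing import Mapping

# Constructed foreign origin: any domain the appliance should not trust.
FOREIGN_ORIGIN = "https://untrusted.example"


def assess_cors(headers: Mapping[str, str], sent_origin: str) -> list[str]:
    """Return a list of weaknesses in the CORS response headers.

    An empty list means the response does not grant the foreign origin
    cross-origin read access, which is the expected state after V2.6.6.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings: list[str] = []
    if acao is None:
        return findings  # no grant at all: the browser blocks the read
    if acao == "*":
        findings.append("wildcard Access-Control-Allow-Origin")
    elif acao == sent_origin:
        findings.append("untrusted Origin reflected in Access-Control-Allow-Origin")
        if creds:
            findings.append("reflected origin combined with Allow-Credentials: true")
    elif acao == "null":
        findings.append("'null' origin allowed")
    return findings


def probe(url: str, origin: str = FOREIGN_ORIGIN, timeout: float = 5.0) -> list[str]:
    """GET the endpoint with a foreign Origin and assess the returned headers."""
    req = urllib.request.Request(url, headers={"Origin": origin})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return assess_cors(dict(resp.headers.items()), origin)
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry CORS headers
        return assess_cors(dict(err.headers.items()), origin)


if __name__ == "__main__":
    import sys
    # Placeholder URL: replace with a critical endpoint on your own device.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://gridedge.example.internal/api/"
    for finding in probe(target):
        print("WEAK:", finding)
```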

📡 Detection & Monitoring

Log Indicators:

  • Unusual cross-origin requests to critical endpoints
  • Multiple failed authentication attempts followed by successful CORS requests

Network Indicators:

  • HTTP requests with Origin headers to SICAM GridEdge from unexpected domains
  • CORS preflight requests to sensitive endpoints

SIEM Query:

source="SICAM GridEdge" AND (http.method="OPTIONS" OR http.headers.origin="*")
