CVE-2022-30230

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to create administrative user accounts in SICAM GridEdge Classic systems. All versions before V2.6.6 are affected, potentially compromising critical industrial control systems.

💻 Affected Systems

Products:
  • SICAM GridEdge Classic
Versions: All versions < V2.6.6
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with affected versions are vulnerable by default; no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, enabling attackers to disrupt grid operations, manipulate control systems, or deploy ransomware.

🟠 Likely Case

Unauthenticated attackers gain administrative access, allowing them to modify configurations, exfiltrate sensitive data, or establish persistence for future attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to isolated systems, though the vulnerability remains exploitable within the network segment.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can remotely exploit without authentication to gain full control.
🏢 Internal Only: HIGH - Even internally, unauthenticated network access allows exploitation by any internal threat actor or compromised device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description suggests straightforward exploitation without authentication requirements.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2.6.6 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-631336.html

Restart Required: Yes

Instructions:

1. Download V2.6.6 or later from the Siemens support portal.
2. Back up the current configuration.
3. Apply the update following the Siemens installation guide.
4. Restart the system.
5. Verify the version and functionality.

🔧 Temporary Workarounds

Network Segmentation
Applies to: all

Isolate SICAM GridEdge systems from untrusted networks using firewalls and VLANs.

Access Control Lists
Applies to: all

Implement strict network access controls to limit connections to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems from all untrusted networks.
  • Deploy intrusion detection systems to monitor for unauthorized access attempts and user creation activities.

🔍 How to Verify

Check if Vulnerable:

Check the system version via the web interface or CLI; if the version is below V2.6.6, the system is vulnerable.

Check Version:

Check via the web interface, or consult the Siemens documentation for the version query command.

Verify Fix Applied:

After patching, verify version is V2.6.6 or later and test that unauthenticated user creation is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts
  • New user creation events
  • Administrative privilege changes

Network Indicators:

  • Unusual authentication bypass patterns
  • Unexpected administrative account creation requests

SIEM Query:

source="SICAM_GridEdge" AND (event_type="user_creation" OR auth_result="bypass")
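To show what the SIEM query above and the log indicators listed in this section actually match, here is an added example (not part of the advisory and not Siemens code) that runs the same logic over constructed log lines. The key="value" log format and the field names (source, event_type, auth_result, user, role, src_ip) are assumptions chosen to mirror the query; real SICAM GridEdge logs will need their own parser. It goes slightly beyond the query by ranking a user creation that has no successful authentication behind it as the highest-priority hit, since that is the behaviour this CVE enables, and by flagging administrative privilege changes.

```python
"""Added example: evaluate the page's SIEM query over constructed log lines."""
import re
from typing import Dict, List, Optional

# Constructed sample events (not real SICAM GridEdge output). Field names mirror
# the SIEM query: source, event_type, auth_result; user/role/src_ip are assumed.
SAMPLE_LOGS = [
    'ts=2022-06-01T10:00:01Z source="SICAM_GridEdge" event_type="login" auth_result="success" user="operator1" src_ip="10.0.0.12"',
    'ts=2022-06-01T10:00:07Z source="SICAM_GridEdge" event_type="user_creation" auth_result="none" user="svc_admin" role="admin" src_ip="203.0.113.5"',
    'ts=2022-06-01T10:00:09Z source="SICAM_GridEdge" event_type="login" auth_result="bypass" user="svc_admin" src_ip="203.0.113.5"',
    'ts=2022-06-01T10:01:00Z source="firewall" event_type="user_creation" auth_result="success" user="bob"',
    'ts=2022-06-01T10:02:00Z source="SICAM_GridEdge" event_type="config_change" auth_result="success" user="operator1" src_ip="10.0.0.12"',
    'ts=2022-06-01T10:03:00Z source="SICAM_GridEdge" event_type="privilege_change" auth_result="success" user="svc_admin" role="admin" src_ip="203.0.113.5"',
]

# key=value or key="quoted value"
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one log line into a field dict; quoted and bare values are both accepted."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in FIELD_RE.finditer(line)
    }


def matches_siem_query(ev: Dict[str, str]) -> bool:
    """Same predicate as the SIEM query on this page:
    source="SICAM_GridEdge" AND (event_type="user_creation" OR auth_result="bypass")."""
    return ev.get("source") == "SICAM_GridEdge" and (
        ev.get("event_type") == "user_creation" or ev.get("auth_result") == "bypass"
    )


def classify(ev: Dict[str, str]) -> Optional[str]:
    """Return an alert reason for the event, or None if it is benign under these rules."""
    if ev.get("source") != "SICAM_GridEdge":
        return None
    if ev.get("event_type") == "user_creation" and ev.get("auth_result") != "success":
        # A user created with no successful authentication behind it is exactly
        # the condition CVE-2022-30230 allows; treat it as the top-priority hit.
        return "unauthenticated user creation"
    if ev.get("event_type") == "user_creation":
        return "user creation"  # authenticated, but still worth review on an ICS host
    if ev.get("auth_result") == "bypass":
        return "authentication bypass"
    if ev.get("event_type") == "privilege_change" and ev.get("role") == "admin":
        return "administrative privilege change"
    return None


def detect(lines: List[str]) -> List[Dict[str, object]]:
    """Run classify() over every line and return the alerts in log order."""
    alerts: List[Dict[str, object]] = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            alerts.append({
                "line": n,
                "reason": reason,
                "user": ev.get("user", "?"),
                "src_ip": ev.get("src_ip", "-"),
            })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"line {a['line']}: {a['reason']} (user={a['user']} src_ip={a['src_ip']})")
```

On the constructed input this flags lines 2, 3 and 6 (the firewall user creation on line 4 is excluded by the source filter, as in the SIEM query). In practice the reason strings would map to alert severities, and the src_ip field is what you would pivot on to check whether the request came from outside the segment the workarounds above are meant to enforce.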
