Vulnerability-Lookup

CVE-2023-30901 (GCVE-0-2023-30901)

Vulnerability from cvelistv5 – Published: 2023-06-13 08:17 – Updated: 2025-12-09 10:44

Summary

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.11), SICAM T (All versions < V3.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

siemens

References

6 references

URL	Tags
https://cert-portal.siemens.com/productcert/pdf/s…
https://cert-portal.siemens.com/productcert/pdf/s…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

37 products

Vendor	Product	Version
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P850	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM P855	Affected: 0 , < V3.11 (custom)
Siemens	SICAM T	Affected: 0 , < V3.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30901",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:36:33.559072Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:58:01.759Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P850",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM P855",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICAM T",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA32-2AA0) (All versions \u003c V3.11), SICAM T (All versions \u003c V3.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T10:44:07.554Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-480095.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-201498.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-471761.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-30901",
    "datePublished": "2023-06-13T08:17:12.290Z",
    "dateReserved": "2023-04-20T12:49:03.482Z",
    "dateUpdated": "2025-12-09T10:44:07.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-30901",
      "date": "2026-06-01",
      "epss": "0.00205",
      "percentile": "0.42579"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:q200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\", \"matchCriteriaId\": \"D1D626C5-92BF-4C9B-9EF2-24347CF24491\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:q200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC2EA3F6-418C-49A4-B23C-E7BD56395466\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.\"}]",
      "id": "CVE-2023-30901",
      "lastModified": "2024-11-21T08:01:02.097",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-06-13T09:15:17.763",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf\", \"source\": \"productcert@siemens.com\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-30901\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2023-06-13T09:15:17.763\",\"lastModified\":\"2025-12-09T16:17:20.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA32-2AA0) (All versions \u003c V3.11), SICAM T (All versions \u003c V3.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:q200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\",\"matchCriteriaId\":\"D1D626C5-92BF-4C9B-9EF2-24347CF24491\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:q200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC2EA3F6-418C-49A4-B23C-E7BD56395466\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-201498.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-471761.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-480095.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-887249.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:37:15.518Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-30901\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-05T18:36:33.559072Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-05T18:36:35.197Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P850\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM P855\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM T\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-887249.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-480095.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-201498.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-471761.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions \u003c V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions \u003c V3.11), SICAM P855 (7KG8551-0AA32-2AA0) (All versions \u003c V3.11), SICAM T (All versions \u003c V3.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-12-09T10:44:07.554Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-30901\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-09T10:44:07.554Z\", \"dateReserved\": \"2023-04-20T12:49:03.482Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2023-06-13T08:17:12.290Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

SSA-480095

Vulnerability from csaf_siemens - Published: 2023-12-12 00:00 - Updated: 2024-01-09 00:00

Summary

SSA-480095: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60

Notes

Summary: The web server of SICAM Q100 devices, versions before V2.60, contains a Cross Site Request Forgery (CSRF) vulnerability and is missing cookie protection flags. This could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user. Siemens has released new versions for the affected products and recommends to update to the latest versions.

General Recommendations: Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment. Recommended security guidelines can be found at: https://www.siemens.com/gridsecurity

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

CVE-2023-30901

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-352 - Cross-Site Request Forgery (CSRF)

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)	`7KG9501-0AA01-0AA1`	<V2.60	Mitigation Vendor Fix
POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)	`7KG9501-0AA01-2AA1`	<V2.60	Mitigation Vendor Fix
POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)	`7KG9501-0AA31-0AA1`	<V2.60	Mitigation Vendor Fix
POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)	`7KG9501-0AA31-2AA1`	<V2.60	Mitigation Vendor Fix

CVE-2023-31238

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)	`7KG9501-0AA01-0AA1`	<V2.60	Vendor Fix Workaround
POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)	`7KG9501-0AA01-2AA1`	<V2.60	Vendor Fix Workaround
POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)	`7KG9501-0AA31-0AA1`	<V2.60	Vendor Fix Workaround
POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) Siemens / POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)	`7KG9501-0AA31-2AA1`	<V2.60	Vendor Fix Workaround

References

4 references

URL	Category
https://cert-portal.siemens.com/productcert/html/…	self
https://cert-portal.siemens.com/productcert/csaf/…	self
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The web server of SICAM Q100 devices, versions before V2.60, contains a Cross Site Request Forgery (CSRF) vulnerability and is missing cookie protection flags. This could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design.\nSiemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. \nAs a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.\n\nRecommended security guidelines can be found at:\n\nhttps://www.siemens.com/gridsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-480095: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-480095.html"
      },
      {
        "category": "self",
        "summary": "SSA-480095: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-480095.json"
      },
      {
        "category": "self",
        "summary": "SSA-480095: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60 - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-480095: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-480095.txt"
      }
    ],
    "title": "SSA-480095: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60",
    "tracking": {
      "current_release_date": "2024-01-09T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-480095",
      "initial_release_date": "2023-12-12T00:00:00Z",
      "revision_history": [
        {
          "date": "2023-12-12T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-01-09T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added legacy Q100 device models (-0AA1) which are also affected and provide the same fix version"
        }
      ],
      "status": "interim",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.60",
                "product": {
                  "name": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)",
                  "product_id": "1",
                  "product_identification_helper": {
                    "model_numbers": [
                      "7KG9501-0AA01-0AA1"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.60",
                "product": {
                  "name": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)",
                  "product_id": "2",
                  "product_identification_helper": {
                    "model_numbers": [
                      "7KG9501-0AA01-2AA1"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.60",
                "product": {
                  "name": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)",
                  "product_id": "3",
                  "product_identification_helper": {
                    "model_numbers": [
                      "7KG9501-0AA31-0AA1"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.60",
                "product": {
                  "name": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)",
                  "product_id": "4",
                  "product_identification_helper": {
                    "model_numbers": [
                      "7KG9501-0AA31-2AA1"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-30901",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "CVE-2023-30901: Do not access links from untrusted sources while logged in at affected devices",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.60 or later version",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "4",
            "3",
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2023-30901"
    },
    {
      "cve": "CVE-2023-31238",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.60 or later version",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ]
        },
        {
          "category": "workaround",
          "details": "CVE-2023-31238: Restrict access to port 443/tcp to trusted IP addresses only",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "4",
            "3",
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2023-31238"
    }
  ]
}

SSA-887249

Vulnerability from csaf_siemens - Published: 2023-06-13 00:00 - Updated: 2023-06-13 00:00

Summary

SSA-887249: Multiple Vulnerabilities in the Web Interface of SICAM Q200 Devices

Notes

Summary: Multiple vulnerabilities were identified in the webserver of Q200 devices. These include Cross Site Request Forgery (CSRF), session fixation, missing secure flags in HTTP cookies and memory corruption issues due to missing input validation that could lead to remote code execution. Siemens has released an update for POWER METER SICAM Q200 family and recommends to update to the latest version.

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

CVE-2022-43398

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-384 - Session Fixation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
POWER METER SICAM Q200 family Siemens / POWER METER SICAM Q200 family		vers:all/<V2.70	Mitigation Mitigation Vendor Fix fix

CVE-2022-43439

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
POWER METER SICAM Q200 family Siemens / POWER METER SICAM Q200 family		vers:all/<V2.70	Mitigation Mitigation Vendor Fix fix

CVE-2022-43545

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
POWER METER SICAM Q200 family Siemens / POWER METER SICAM Q200 family		vers:all/<V2.70	Mitigation Mitigation Vendor Fix fix

CVE-2022-43546

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
POWER METER SICAM Q200 family Siemens / POWER METER SICAM Q200 family		vers:all/<V2.70	Mitigation Mitigation Vendor Fix fix

CVE-2023-30901

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-352 - Cross-Site Request Forgery (CSRF)

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
POWER METER SICAM Q200 family Siemens / POWER METER SICAM Q200 family		vers:all/<V2.70	Mitigation Mitigation Vendor Fix fix

CVE-2023-31238

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
POWER METER SICAM Q200 family Siemens / POWER METER SICAM Q200 family		vers:all/<V2.70	Mitigation Mitigation Vendor Fix fix

References

4 references

URL	Category
https://cert-portal.siemens.com/productcert/html/…	self
https://cert-portal.siemens.com/productcert/csaf/…	self
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities were identified in the webserver of Q200 devices. These include Cross Site Request Forgery (CSRF), session fixation, missing secure flags in HTTP cookies and memory corruption issues due to missing input validation that could lead to remote code execution. \n\nSiemens has released an update for POWER METER SICAM Q200 family and recommends to update to the latest version.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design.\nSiemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. \nAs a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.\n\nRecommended security guidelines can be found at:\n\nhttps://www.siemens.com/gridsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-887249: Multiple Vulnerabilities in the Web Interface of SICAM Q200 Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
      },
      {
        "category": "self",
        "summary": "SSA-887249: Multiple Vulnerabilities in the Web Interface of SICAM Q200 Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-887249.json"
      },
      {
        "category": "self",
        "summary": "SSA-887249: Multiple Vulnerabilities in the Web Interface of SICAM Q200 Devices - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-887249: Multiple Vulnerabilities in the Web Interface of SICAM Q200 Devices - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-887249.txt"
      }
    ],
    "title": "SSA-887249: Multiple Vulnerabilities in the Web Interface of SICAM Q200 Devices",
    "tracking": {
      "current_release_date": "2023-06-13T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-887249",
      "initial_release_date": "2023-06-13T00:00:00Z",
      "revision_history": [
        {
          "date": "2023-06-13T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "interim",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/\u003cV2.70",
                "product": {
                  "name": "POWER METER SICAM Q200 family",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "POWER METER SICAM Q200 family"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-43398",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies.  An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user\u0027s account through the activated session.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not access links from untrusted sources while logged in at Q200 devices",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to port 443/tcp to trusted IP addresses only",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.70 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109743592/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-43398"
    },
    {
      "cve": "CVE-2022-43439",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not properly validate the Language-parameter in requests to the web interface on port  443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not access links from untrusted sources while logged in at Q200 devices",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to port 443/tcp to trusted IP addresses only",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.70 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109743592/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-43439"
    },
    {
      "cve": "CVE-2022-43545",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not access links from untrusted sources while logged in at Q200 devices",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to port 443/tcp to trusted IP addresses only",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.70 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109743592/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-43545"
    },
    {
      "cve": "CVE-2022-43546",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not access links from untrusted sources while logged in at Q200 devices",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to port 443/tcp to trusted IP addresses only",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.70 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109743592/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-43546"
    },
    {
      "cve": "CVE-2023-30901",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not access links from untrusted sources while logged in at Q200 devices",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to port 443/tcp to trusted IP addresses only",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.70 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109743592/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-30901"
    },
    {
      "cve": "CVE-2023-31238",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not access links from untrusted sources while logged in at Q200 devices",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to port 443/tcp to trusted IP addresses only",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.70 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109743592/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-31238"
    }
  ]
}

VAR-202306-0890

Vulnerability from variot - Updated: 2024-01-17 17:56

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. Siemens' q200 A cross-site request forgery vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM Q200 is a multifunctional device for detection, reporting and analysis of measured values and events

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0890",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "q200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.70"
      },
      {
        "model": "q200",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": "q200  firmware  2.70"
      },
      {
        "model": "q200",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "q200",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "sicam q200",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2.70"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:q200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.70",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:q200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "cve": "CVE-2023-30901",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-48551",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-30901",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-30901",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-30901",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-48551",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202306-877",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. Siemens\u0027 q200 A cross-site request forgery vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM Q200 is a multifunctional device for detection, reporting and analysis of measured values \u200b\u200band events",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-30901"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-30901",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-887249",
        "trust": 3.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-480095",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-166-03",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-348-12",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98271228",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99464755",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-30901",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-30901"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "id": "VAR-202306-0890",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      }
    ]
  },
  "last_update_date": "2024-01-17T17:56:26.970000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens SICAM Q200 cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/433486"
      },
      {
        "title": "Siemens POWER METER SICAM Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=243026"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99464755/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98271228/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30901"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-03"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-12"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-30901/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-30901"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-30901"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-06-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "date": "2023-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-30901"
      },
      {
        "date": "2023-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "date": "2023-06-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      },
      {
        "date": "2023-06-13T09:15:17.763000",
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-06-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-48551"
      },
      {
        "date": "2023-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-30901"
      },
      {
        "date": "2023-12-21T06:27:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      },
      {
        "date": "2023-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      },
      {
        "date": "2024-01-09T10:15:15.077000",
        "db": "NVD",
        "id": "CVE-2023-30901"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens\u0027 \u00a0q200\u00a0 Cross-site request forgery vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009051"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202306-877"
      }
    ],
    "trust": 0.6
  }
}

WID-SEC-W-2023-1431

Vulnerability from csaf_certbund - Published: 2023-06-12 22:00 - Updated: 2025-11-11 23:00

Summary

Siemens SICAM: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Siemens SICAM ist eine Produktfamilie von SCADA-Systemen für den Betrieb von industriellen Prozessen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Siemens SICAM ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Code auszuführen.

Betroffene Betriebssysteme: - Appliance

CVE-2022-43398

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Siemens SICAM Q200 <V2.70 Siemens / SICAM		Q200 <V2.70
Siemens SICAM Siemens / SICAM	`cpe:/h:siemens:sicam:-`	—

CVE-2022-43439

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Siemens SICAM Q200 <V2.70 Siemens / SICAM		Q200 <V2.70
Siemens SICAM Siemens / SICAM	`cpe:/h:siemens:sicam:-`	—

CVE-2022-43545

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Siemens SICAM Q200 <V2.70 Siemens / SICAM		Q200 <V2.70
Siemens SICAM Siemens / SICAM	`cpe:/h:siemens:sicam:-`	—

CVE-2022-43546

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Siemens SICAM Q200 <V2.70 Siemens / SICAM		Q200 <V2.70
Siemens SICAM Siemens / SICAM	`cpe:/h:siemens:sicam:-`	—

CVE-2023-30901

Affected products

Known affected 4 products

Product	Identifier	Version
Siemens SICAM Q200 <V2.70 Siemens / SICAM		Q200 <V2.70
Siemens SICAM Siemens / SICAM	`cpe:/h:siemens:sicam:-`	—
Siemens SICAM P855 Devices <V3.11 Siemens / SICAM		P855 Devices <V3.11
Siemens SICAM P850 Devices <V3.11 Siemens / SICAM		P850 Devices <V3.11

CVE-2023-31238

Affected products

Known affected 4 products

Product	Identifier	Version
Siemens SICAM Q200 <V2.70 Siemens / SICAM		Q200 <V2.70
Siemens SICAM Siemens / SICAM	`cpe:/h:siemens:sicam:-`	—
Siemens SICAM P855 Devices <V3.11 Siemens / SICAM		P855 Devices <V3.11
Siemens SICAM P850 Devices <V3.11 Siemens / SICAM		P850 Devices <V3.11

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://cert-portal.siemens.com/productcert/html/…	external
https://cert-portal.siemens.com/productcert/html/…	external
https://cert-portal.siemens.com/productcert/html/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Siemens SICAM ist eine Produktfamilie von SCADA-Systemen f\u00fcr den Betrieb von industriellen Prozessen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Siemens SICAM ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1431 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1431.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1431 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1431"
      },
      {
        "category": "external",
        "summary": "Siemens Security Advisory by Siemens ProductCERT vom 2023-06-12",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
      },
      {
        "category": "external",
        "summary": "Siemens Security Advisory SSA-480095 vom 2023-12-12",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-480095.html"
      },
      {
        "category": "external",
        "summary": "Siemens Security Advisory SSA-201498 vom 2025-11-11",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-201498.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Siemens SICAM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-11T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-11T19:37:21.562+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2023-1431",
      "initial_release_date": "2023-06-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Siemens aufgenommen"
        },
        {
          "date": "2025-11-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Siemens aufgenommen"
        },
        {
          "date": "2025-11-11T23:00:00.000+00:00",
          "number": "4",
          "summary": "SICAM P850 ebenfalls betroffen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Siemens SICAM",
                "product": {
                  "name": "Siemens SICAM",
                  "product_id": "T019770",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:siemens:sicam:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Q200 \u003cV2.70",
                "product": {
                  "name": "Siemens SICAM Q200 \u003cV2.70",
                  "product_id": "T028072"
                }
              },
              {
                "category": "product_version",
                "name": "Q200 V2.70",
                "product": {
                  "name": "Siemens SICAM Q200 V2.70",
                  "product_id": "T028072-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:siemens:sicam:q200__v2.70"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "P855 Devices \u003cV3.11",
                "product": {
                  "name": "Siemens SICAM P855 Devices \u003cV3.11",
                  "product_id": "T048424"
                }
              },
              {
                "category": "product_version",
                "name": "P855 Devices V3.11",
                "product": {
                  "name": "Siemens SICAM P855 Devices V3.11",
                  "product_id": "T048424-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:siemens:sicam:p855_devices__v3.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "P850 Devices \u003cV3.11",
                "product": {
                  "name": "Siemens SICAM P850 Devices \u003cV3.11",
                  "product_id": "T048468"
                }
              },
              {
                "category": "product_version",
                "name": "P850 Devices V3.11",
                "product": {
                  "name": "Siemens SICAM P850 Devices V3.11",
                  "product_id": "T048468-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:siemens:sicam:p850_devices__v3.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SICAM"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-43398",
      "product_status": {
        "known_affected": [
          "T028072",
          "T019770"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2022-43398"
    },
    {
      "cve": "CVE-2022-43439",
      "product_status": {
        "known_affected": [
          "T028072",
          "T019770"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2022-43439"
    },
    {
      "cve": "CVE-2022-43545",
      "product_status": {
        "known_affected": [
          "T028072",
          "T019770"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2022-43545"
    },
    {
      "cve": "CVE-2022-43546",
      "product_status": {
        "known_affected": [
          "T028072",
          "T019770"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2022-43546"
    },
    {
      "cve": "CVE-2023-30901",
      "product_status": {
        "known_affected": [
          "T028072",
          "T019770",
          "T048424",
          "T048468"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2023-30901"
    },
    {
      "cve": "CVE-2023-31238",
      "product_status": {
        "known_affected": [
          "T028072",
          "T019770",
          "T048424",
          "T048468"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2023-31238"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-30901 (GCVE-0-2023-30901)

SSA-480095

SSA-887249

VAR-202306-0890

WID-SEC-W-2023-1431

Tags

Sightings

Nomenclature