Action not permitted
Modal body text goes here.
wid-sec-w-2023-1431
Vulnerability from csaf_certbund
Published
2023-06-12 22:00
Modified
2023-12-11 23:00
Summary
Siemens SICAM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Siemens SICAM ist eine Produktfamilie von SCADA-Systemen für den Betrieb von industriellen Prozessen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Siemens SICAM ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Code auszuführen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Siemens SICAM ist eine Produktfamilie von SCADA-Systemen f\u00fcr den Betrieb von industriellen Prozessen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Siemens SICAM ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1431 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1431.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1431 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1431"
},
{
"category": "external",
"summary": "Siemens Security Advisory by Siemens ProductCERT vom 2023-06-12",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-480095 vom 2023-12-12",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-480095.html"
}
],
"source_lang": "en-US",
"title": "Siemens SICAM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-12-11T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:30:46.970+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-1431",
"initial_release_date": "2023-06-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-12-11T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Siemens aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Siemens SICAM",
"product": {
"name": "Siemens SICAM",
"product_id": "T019770",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:sicam:-"
}
}
},
{
"category": "product_name",
"name": "Siemens SICAM Q200 \u003c V2.70",
"product": {
"name": "Siemens SICAM Q200 \u003c V2.70",
"product_id": "T028072",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:sicam:q200__v2.70"
}
}
}
],
"category": "product_name",
"name": "SICAM"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-43398",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens SICAM. Das Sitzungs-Cookie wird nach dem Login/Logout nicht erneuert und benutzerdefinierte Sitzungs-Cookie werden akzeptiert. Ein Angreifer kann das gespeicherte Sitzungs-Cookie eines Benutzers \u00fcberschreiben und Zugriff auf das Konto des Benutzers erhalten. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T019770"
]
},
"release_date": "2023-06-12T22:00:00Z",
"title": "CVE-2022-43398"
},
{
"cve": "CVE-2022-43546",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens SICAM. Language-Parameter, RecordType-Parameter und EndTime-Parameter werden in Anfragen an das Webinterface auf Port 443/tcp nicht sachgem\u00e4\u00df validiert. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um das Ger\u00e4t zum Absturz zu bringen oder beliebigen Code auf dem Ger\u00e4t auszuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T019770"
]
},
"release_date": "2023-06-12T22:00:00Z",
"title": "CVE-2022-43546"
},
{
"cve": "CVE-2022-43545",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens SICAM. Language-Parameter, RecordType-Parameter und EndTime-Parameter werden in Anfragen an das Webinterface auf Port 443/tcp nicht sachgem\u00e4\u00df validiert. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um das Ger\u00e4t zum Absturz zu bringen oder beliebigen Code auf dem Ger\u00e4t auszuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T019770"
]
},
"release_date": "2023-06-12T22:00:00Z",
"title": "CVE-2022-43545"
},
{
"cve": "CVE-2022-43439",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens SICAM. Language-Parameter, RecordType-Parameter und EndTime-Parameter werden in Anfragen an das Webinterface auf Port 443/tcp nicht sachgem\u00e4\u00df validiert. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um das Ger\u00e4t zum Absturz zu bringen oder beliebigen Code auf dem Ger\u00e4t auszuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T019770"
]
},
"release_date": "2023-06-12T22:00:00Z",
"title": "CVE-2022-43439"
},
{
"cve": "CVE-2023-30901",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens SICAM. Die Webschnittstelle der betroffenen Ger\u00e4te ist anf\u00e4llig f\u00fcr Cross-Site Request Forgery-Angriffe. Ein Angreifer kann diese Schwachstelle ausnutzen, um im Namen des Opfers beliebige Aktionen auf dem Ger\u00e4t durchzuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T019770"
]
},
"release_date": "2023-06-12T22:00:00Z",
"title": "CVE-2023-30901"
},
{
"cve": "CVE-2023-31238",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens SICAM. Wenn sie die Standardeinstellungen verwendet werden fehlen die Cookie-Schutz-Flags. Ein Angreifer der Zugriff auf ein Sitzungs-Token erh\u00e4lt, kann sich damit als legitimer Anwendungsbenutzer ausgeben. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T019770"
]
},
"release_date": "2023-06-12T22:00:00Z",
"title": "CVE-2023-31238"
}
]
}
cve-2022-43398
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user\u0027s account through the activated session."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:57:13.900Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-43398",
"datePublished": "2022-11-08T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-08-03T13:32:58.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43545
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:58:12.217Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-43545",
"datePublished": "2022-11-08T00:00:00",
"dateReserved": "2022-10-20T00:00:00",
"dateUpdated": "2024-08-03T13:32:59.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43439
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:57:43.953Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-43439",
"datePublished": "2022-11-08T00:00:00",
"dateReserved": "2022-10-19T00:00:00",
"dateUpdated": "2024-08-03T13:32:59.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30901
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2024-08-02 14:37
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:59:13.439Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-30901",
"datePublished": "2023-06-13T08:17:12.290Z",
"dateReserved": "2023-04-20T12:49:03.482Z",
"dateUpdated": "2024-08-02T14:37:15.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-31238
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:29.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:59:42.265Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-31238",
"datePublished": "2023-06-13T08:17:13.351Z",
"dateReserved": "2023-04-26T17:03:00.579Z",
"dateUpdated": "2024-08-02T14:53:29.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43546
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-10-21 16:08
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:siemens:sicam_q100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sicam_q100_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.50",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:sicam_p850_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sicam_p850_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:sicam_p855_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sicam_p855_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:16:01.044378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:08:33.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.50"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:58:41.480Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-43546",
"datePublished": "2022-11-08T00:00:00",
"dateReserved": "2022-10-20T00:00:00",
"dateUpdated": "2024-10-21T16:08:33.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.