ID

VAR-202205-0920


CVE

CVE-2022-29874


TITLE

Siemens SICAM P850 and SICAM P855 Devices Sensitive Information Cleartext Transmission Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-36396

DESCRIPTION

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30. Siemens SICAM P850 and SICAM P855

Trust: 1.53

sources: NVD: CVE-2022-29874 // CNVD: CNVD-2022-36396 // VULMON: CVE-2022-29874

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-36396

AFFECTED PRODUCTS

vendor:siemensmodel:sicam p850scope:ltversion:v3.00

Trust: 10.8

vendor:siemensmodel:sicam p855scope:ltversion:v3.00

Trust: 10.8

vendor:siemensmodel:7kg8501-0aa02-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa02-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa30-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa30-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-2aa0scope:ltversion:3.00

Trust: 1.0

sources: CNVD: CNVD-2022-36396 // NVD: CVE-2022-29874

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29874
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-36396
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202205-3129
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-29874
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2022-36396
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-29874
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-36396 // CNNVD: CNNVD-202205-3129 // NVD: CVE-2022-29874

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

sources: NVD: CVE-2022-29874

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3129

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3129

PATCH

title:Patch for Siemens SICAM P850 and SICAM P855 Devices Sensitive Information Cleartext Transmission Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/332526

Trust: 0.6

title:Siemens SICAM Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194234

Trust: 0.6

sources: CNVD: CNVD-2022-36396 // CNNVD: CNNVD-202205-3129

EXTERNAL IDS

db:NVDid:CVE-2022-29874

Trust: 2.3

db:SIEMENSid:SSA-165073

Trust: 2.2

db:ICS CERTid:ICSA-22-132-07

Trust: 0.7

db:CNVDid:CNVD-2022-36396

Trust: 0.6

db:AUSCERTid:ESB-2022.2357

Trust: 0.6

db:CS-HELPid:SB2022051724

Trust: 0.6

db:CNNVDid:CNNVD-202205-3129

Trust: 0.6

db:VULMONid:CVE-2022-29874

Trust: 0.1

sources: CNVD: CNVD-2022-36396 // VULMON: CVE-2022-29874 // CNNVD: CNNVD-202205-3129 // NVD: CVE-2022-29874

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-165073.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051724

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29874/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2357

Trust: 0.6

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-07

Trust: 0.1

sources: CNVD: CNVD-2022-36396 // VULMON: CVE-2022-29874 // CNNVD: CNNVD-202205-3129 // NVD: CVE-2022-29874

CREDITS

Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202205-3129

SOURCES

db:CNVDid:CNVD-2022-36396
db:VULMONid:CVE-2022-29874
db:CNNVDid:CNNVD-202205-3129
db:NVDid:CVE-2022-29874

LAST UPDATE DATE

2024-08-14T13:22:15.934000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-36396date:2022-05-11T00:00:00
db:CNNVDid:CNNVD-202205-3129date:2022-05-30T00:00:00
db:NVDid:CVE-2022-29874date:2022-05-26T20:45:52.480

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-36396date:2022-05-11T00:00:00
db:CNNVDid:CNNVD-202205-3129date:2022-05-12T00:00:00
db:NVDid:CVE-2022-29874date:2022-05-20T13:15:16.030