ID
VAR-202205-0923
CVE
CVE-2022-29873
TITLE
Unknown Vulnerability in Siemens SICAM P850 and SICAM P855 Devices (CNVD-2022-36397)
Trust: 0.6
DESCRIPTION
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30. A security vulnerability exists in Siemens SICAM P850 and SICAM P855 Devices. Siemens SICAM P850 and SICAM P855
Trust: 1.53
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | sicam p850 | scope: | lt | version: | v3.00 | Trust: 10.8 |
| vendor: | siemens | model: | sicam p855 | scope: | lt | version: | v3.00 | Trust: 10.8 |
| vendor: | siemens | model: | 7kg8501-0aa02-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa00-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa01-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa12-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa01-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa32-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa30-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa01-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa02-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa02-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa10-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa12-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa32-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa30-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa00-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa00-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa01-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa10-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa30-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa31-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa11-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa10-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa32-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa30-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa02-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa12-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa31-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa10-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa31-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa11-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa32-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa11-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa11-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa00-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa31-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa12-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-141 | Trust: 1.0 |
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
PATCH
| title: | Patch for Unknown Vulnerability in Siemens SICAM P850 and SICAM P855 Devices (CNVD-2022-36397) | url: | https://www.cnvd.org.cn/patchInfo/show/332521 | Trust: 0.6 |
| title: | Siemens SICAM Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192513 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-29873 | Trust: 2.3 |
| db: | SIEMENS | id: | SSA-165073 | Trust: 2.2 |
| db: | ICS CERT | id: | ICSA-22-132-07 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2022-36397 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2022.2357 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2022051724 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202205-3130 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-29873 | Trust: 0.1 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf | Trust: 1.6 |
| url: | https://cert-portal.siemens.com/productcert/html/ssa-165073.html | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2022051724 | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-29873/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.2357 | Trust: 0.6 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-07 | Trust: 0.1 |
CREDITS
Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2022-36397 |
| db: | VULMON | id: | CVE-2022-29873 |
| db: | CNNVD | id: | CNNVD-202205-3130 |
| db: | NVD | id: | CVE-2022-29873 |
LAST UPDATE DATE
2024-08-14T13:22:16.660000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-36397 | date: | 2022-05-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-202205-3130 | date: | 2022-05-30T00:00:00 |
| db: | NVD | id: | CVE-2022-29873 | date: | 2022-05-26T21:02:30.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-36397 | date: | 2022-05-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-202205-3130 | date: | 2022-05-12T00:00:00 |
| db: | NVD | id: | CVE-2022-29873 | date: | 2022-05-20T13:15:15.977 |