Sign-up

ID

VAR-202205-0925


CVE

CVE-2022-29878


TITLE

in multiple Siemens products  Capture-replay  Authentication Bypass Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-010137

DESCRIPTION

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device. 7kg8500-0aa00-0aa0 firmware, 7kg8500-0aa00-2aa0 firmware, 7kg8500-0aa10-0aa0 Several Siemens products, such as firmware, Capture-replay An authentication bypass vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30. Siemens SICAM P850 and SICAM P855

Trust: 2.25

sources: NVD: CVE-2022-29878 // JVNDB: JVNDB-2022-010137 // CNVD: CNVD-2022-36393 // VULMON: CVE-2022-29878

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-36393

AFFECTED PRODUCTS

vendor:siemensmodel:sicam p850scope:ltversion:v3.00

Trust: 10.8

vendor:siemensmodel:sicam p855scope:ltversion:v3.00

Trust: 10.8

vendor:siemensmodel:7kg8501-0aa02-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa02-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa30-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa30-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:シーメンスmodel:7kg8501-0aa32-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa02-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa12-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa00-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa10-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa02-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa32-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8550-0aa00-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa01-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa10-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa11-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa31-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa00-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa12-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8550-0aa00-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa11-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa31-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa30-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa30-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa01-0aa0scope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2022-36393 // JVNDB: JVNDB-2022-010137 // NVD: CVE-2022-29878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29878
value: HIGH

Trust: 1.0

NVD: CVE-2022-29878
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-36393
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202205-3123
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-29878
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-36393
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-29878
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-29878
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-36393 // JVNDB: JVNDB-2022-010137 // CNNVD: CNNVD-202205-3123 // NVD: CVE-2022-29878

PROBLEMTYPE DATA

problemtype:CWE-294

Trust: 1.0

problemtype:Capture-replay authentication evasion by (CWE-294) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-010137 // NVD: CVE-2022-29878

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3123

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3123

PATCH

title:Patch for Siemens SICAM P850 and SICAM P855 Devices Authentication Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/332546

Trust: 0.6

title:Siemens SICAM Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194648

Trust: 0.6

sources: CNVD: CNVD-2022-36393 // CNNVD: CNNVD-202205-3123

EXTERNAL IDS

db:NVDid:CVE-2022-29878

Trust: 3.9

db:SIEMENSid:SSA-165073

Trust: 3.0

db:ICS CERTid:ICSA-22-132-07

Trust: 1.5

db:JVNid:JVNVU92977068

Trust: 0.8

db:JVNDBid:JVNDB-2022-010137

Trust: 0.8

db:CNVDid:CNVD-2022-36393

Trust: 0.6

db:AUSCERTid:ESB-2022.2357

Trust: 0.6

db:CS-HELPid:SB2022051724

Trust: 0.6

db:CNNVDid:CNNVD-202205-3123

Trust: 0.6

db:VULMONid:CVE-2022-29878

Trust: 0.1

sources: CNVD: CNVD-2022-36393 // VULMON: CVE-2022-29878 // JVNDB: JVNDB-2022-010137 // CNNVD: CNNVD-202205-3123 // NVD: CVE-2022-29878

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu92977068/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-29878

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-07

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/html/ssa-165073.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051724

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29878/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2357

Trust: 0.6

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-07

Trust: 0.1

sources: CNVD: CNVD-2022-36393 // VULMON: CVE-2022-29878 // JVNDB: JVNDB-2022-010137 // CNNVD: CNNVD-202205-3123 // NVD: CVE-2022-29878

CREDITS

Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202205-3123

SOURCES

db:CNVDid:CNVD-2022-36393
db:VULMONid:CVE-2022-29878
db:JVNDBid:JVNDB-2022-010137
db:CNNVDid:CNNVD-202205-3123
db:NVDid:CVE-2022-29878

LAST UPDATE DATE

2024-08-14T13:22:15.997000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-36393date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-010137date:2023-08-10T08:25:00
db:CNNVDid:CNNVD-202205-3123date:2022-06-06T00:00:00
db:NVDid:CVE-2022-29878date:2022-06-02T14:02:36.753

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-36393date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-010137date:2023-08-10T00:00:00
db:CNNVDid:CNNVD-202205-3123date:2022-05-12T00:00:00
db:NVDid:CVE-2022-29878date:2022-05-20T13:15:16.177