Sign-up

ID

VAR-202205-0928


CVE

CVE-2022-29872


TITLE

Unknown Vulnerability in Siemens SICAM P850 and SICAM P855 Devices

Trust: 0.6

sources: CNVD: CNVD-2022-36398

DESCRIPTION

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30. A security vulnerability exists in Siemens SICAM P850 and SICAM P855 Devices. arbitrary code. Siemens SICAM P850 and SICAM P855

Trust: 1.53

sources: NVD: CVE-2022-29872 // CNVD: CNVD-2022-36398 // VULMON: CVE-2022-29872

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-36398

AFFECTED PRODUCTS

vendor:siemensmodel:sicam p850scope:ltversion:v3.00

Trust: 10.8

vendor:siemensmodel:sicam p855scope:ltversion:v3.00

Trust: 10.8

vendor:siemensmodel:7kg8501-0aa02-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa02-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa30-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa30-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-0aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-2aa0scope:ltversion:3.00

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-2aa0scope:ltversion:3.00

Trust: 1.0

sources: CNVD: CNVD-2022-36398 // NVD: CVE-2022-29872

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29872
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-36398
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202205-3137
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-29872
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2022-36398
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-29872
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-36398 // CNNVD: CNNVD-202205-3137 // NVD: CVE-2022-29872

PROBLEMTYPE DATA

problemtype:CWE-141

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2022-29872

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3137

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3137

PATCH

title:Patch for Unknown Vulnerability in Siemens SICAM P850 and SICAM P855 Devicesurl:https://www.cnvd.org.cn/patchInfo/show/332516

Trust: 0.6

title:Siemens SICAM Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194237

Trust: 0.6

sources: CNVD: CNVD-2022-36398 // CNNVD: CNNVD-202205-3137

EXTERNAL IDS

db:NVDid:CVE-2022-29872

Trust: 2.3

db:SIEMENSid:SSA-165073

Trust: 2.2

db:ICS CERTid:ICSA-22-132-07

Trust: 0.7

db:CNVDid:CNVD-2022-36398

Trust: 0.6

db:AUSCERTid:ESB-2022.2357

Trust: 0.6

db:CS-HELPid:SB2022051724

Trust: 0.6

db:CNNVDid:CNNVD-202205-3137

Trust: 0.6

db:VULMONid:CVE-2022-29872

Trust: 0.1

sources: CNVD: CNVD-2022-36398 // VULMON: CVE-2022-29872 // CNNVD: CNNVD-202205-3137 // NVD: CVE-2022-29872

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-165073.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051724

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29872/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2357

Trust: 0.6

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-07

Trust: 0.1

sources: CNVD: CNVD-2022-36398 // VULMON: CVE-2022-29872 // CNNVD: CNNVD-202205-3137 // NVD: CVE-2022-29872

CREDITS

Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202205-3137

SOURCES

db:CNVDid:CNVD-2022-36398
db:VULMONid:CVE-2022-29872
db:CNNVDid:CNNVD-202205-3137
db:NVDid:CVE-2022-29872

LAST UPDATE DATE

2024-08-14T13:22:16.722000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-36398date:2022-05-11T00:00:00
db:CNNVDid:CNNVD-202205-3137date:2022-05-30T00:00:00
db:NVDid:CVE-2022-29872date:2022-05-26T21:03:31.527

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-36398date:2022-05-11T00:00:00
db:CNNVDid:CNNVD-202205-3137date:2022-05-12T00:00:00
db:NVDid:CVE-2022-29872date:2022-05-20T13:15:15.927