ID

VAR-202211-0377


CVE

CVE-2022-43545


TITLE

Siemens'  7KG9501-0AA01-2AA1  firmware and  7KG9501-0AA31-2AA1  Firmware Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-020513

DESCRIPTION

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. Siemens' 7KG9501-0AA01-2AA1 firmware and 7KG9501-0AA31-2AA1 There is an input validation vulnerability in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The POWER METER SICAM Q100 is a multifunctional device for detecting, reporting and analyzing measured values and events

Trust: 2.16

sources: NVD: CVE-2022-43545 // JVNDB: JVNDB-2022-020513 // CNVD: CNVD-2022-75539

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-75539

AFFECTED PRODUCTS

vendor:siemensmodel:power meter sicam q100scope:ltversion:2.50

Trust: 1.2

vendor:siemensmodel:7kg9501-0aa31-2aa1scope:ltversion:2.50

Trust: 1.0

vendor:siemensmodel:7kg9501-0aa01-2aa1scope:ltversion:2.50

Trust: 1.0

vendor:シーメンスmodel:7kg9501-0aa31-2aa1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg9501-0aa01-2aa1scope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2022-75539 // JVNDB: JVNDB-2022-020513 // NVD: CVE-2022-43545

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-43545
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2022-43545
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-43545
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-75539
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-2311
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-75539
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-43545
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-43545
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-43545
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-75539 // JVNDB: JVNDB-2022-020513 // CNNVD: CNNVD-202211-2311 // NVD: CVE-2022-43545 // NVD: CVE-2022-43545

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020513 // NVD: CVE-2022-43545

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2311

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202211-2311

PATCH

title:Patch for Siemens POWER METER SICAM Q100 Input Validation Error Vulnerability (CNVD-2022-75539)url:https://www.cnvd.org.cn/patchInfo/show/360341

Trust: 0.6

title:Siemens Power Meter Sicam Q100 Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213741

Trust: 0.6

sources: CNVD: CNVD-2022-75539 // CNNVD: CNNVD-202211-2311

EXTERNAL IDS

db:NVDid:CVE-2022-43545

Trust: 3.8

db:SIEMENSid:SSA-570294

Trust: 3.0

db:SIEMENSid:SSA-572005

Trust: 2.4

db:SIEMENSid:SSA-887249

Trust: 2.4

db:JVNid:JVNVU92214181

Trust: 0.8

db:JVNid:JVNVU93762879

Trust: 0.8

db:JVNid:JVNVU99464755

Trust: 0.8

db:ICS CERTid:ICSA-22-314-11

Trust: 0.8

db:ICS CERTid:ICSA-23-166-03

Trust: 0.8

db:JVNDBid:JVNDB-2022-020513

Trust: 0.8

db:CNVDid:CNVD-2022-75539

Trust: 0.6

db:CNNVDid:CNNVD-202211-2311

Trust: 0.6

sources: CNVD: CNVD-2022-75539 // JVNDB: JVNDB-2022-020513 // CNNVD: CNNVD-202211-2311 // NVD: CVE-2022-43545

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu93762879/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92214181/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99464755/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-43545

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-11

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-03

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/html/ssa-570294.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-43545/

Trust: 0.6

sources: CNVD: CNVD-2022-75539 // JVNDB: JVNDB-2022-020513 // CNNVD: CNNVD-202211-2311 // NVD: CVE-2022-43545

SOURCES

db:CNVDid:CNVD-2022-75539
db:JVNDBid:JVNDB-2022-020513
db:CNNVDid:CNNVD-202211-2311
db:NVDid:CVE-2022-43545

LAST UPDATE DATE

2024-08-14T13:02:56.245000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-75539date:2022-11-09T00:00:00
db:JVNDBid:JVNDB-2022-020513date:2023-11-02T08:02:00
db:CNNVDid:CNNVD-202211-2311date:2023-06-14T00:00:00
db:NVDid:CVE-2022-43545date:2024-01-09T10:15:14.783

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-75539date:2022-11-09T00:00:00
db:JVNDBid:JVNDB-2022-020513date:2023-11-02T00:00:00
db:CNNVDid:CNNVD-202211-2311date:2022-11-08T00:00:00
db:NVDid:CVE-2022-43545date:2022-11-08T11:15:12.067