Multiple vulnerabilities in Siemens SICAM P850 and SICAM P855 Devices



Published: 2022-05-17
Risk High
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2022-29872
CVE-2022-29873
CVE-2022-29874
CVE-2022-29876
CVE-2022-29877
CVE-2022-29878
CVE-2022-29879
CVE-2022-29880
CVE-2022-29881
CVE-2022-29882
CVE-2022-29883
CWE-ID CWE-20
CWE-319
CWE-79
CWE-306
CWE-294
CWE-287
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SICAM P850
Hardware solutions / Firmware

SICAM P855
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU63317

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29872

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to the affected devices do not properly validate parameters of POST requests. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU63320

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29873

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to the affected devices do not properly validate parameters of certain GET and POST requests. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cleartext transmission of sensitive information

EUVDB-ID: #VU63321

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29874

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data and interfere with the functionality of the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site scripting

EUVDB-ID: #VU63324

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29876

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the GET request parameter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authentication for Critical Function

EUVDB-ID: #VU63325

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29877

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected devices allow unauthenticated access to the web interface configuration area. A remote attacker can extract internal configuration details or reconfigure network settings.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Authentication Bypass by Capture-replay

EUVDB-ID: #VU63327

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29878

CWE-ID: CWE-294 - Authentication Bypass by Capture-replay

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. A remote attacker can access the management interface of the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Missing Authentication for Critical Function

EUVDB-ID: #VU63331

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29879

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the web based management interface does not employ special access protection for certain internal developer views. A remote user can access critical device information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stored cross-site scripting

EUVDB-ID: #VU63333

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29880

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the configuration interface. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Missing Authentication for Critical Function

EUVDB-ID: #VU63334

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29881

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the web based management interface does not employ special access protection for certain internal developer views. A remote user can extract internal configuration details.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stored cross-site scripting

EUVDB-ID: #VU63340

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29882

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Authentication

EUVDB-ID: #VU63341

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29883

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can delete log files without authentication.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SICAM P850: before 3.00

SICAM P855: before 3.00

External links

http://cert-portal.siemens.com/productcert/txt/ssa-165073.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###