Multiple vulnerabilities in Siemens SICAM Q100



Published: 2022-11-09 | Updated: 2022-11-11
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2022-43398, CVE-2022-43439, CVE-2022-43545, CVE-2022-43546
CWE-ID: CWE-384, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)
Hardware solutions / Firmware

POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Session Fixation

EUVDB-ID: #VU69169

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43398

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a session fixation issue. A remote attacker can overwrite a user's stored session cookie and gain access to the user's account through the activated session.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

POWER METER SICAM Q100 (7KG9501-0AA31-2AA1): before 2.50

POWER METER SICAM Q100 (7KG9501-0AA01-2AA1): before 2.50

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf
icsa-22-314-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU69170

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43439

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the Language parameter. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

POWER METER SICAM Q100 (7KG9501-0AA01-2AA1): before 2.50

POWER METER SICAM Q100 (7KG9501-0AA31-2AA1): before 2.50

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf
icsa-22-314-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU69171

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43545

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the RecordType parameter. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

POWER METER SICAM Q100 (7KG9501-0AA01-2AA1): before 2.50

POWER METER SICAM Q100 (7KG9501-0AA31-2AA1): before 2.50

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf
icsa-22-314-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU69172

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43546

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the EndTime parameter. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

POWER METER SICAM Q100 (7KG9501-0AA01-2AA1): before 2.50

POWER METER SICAM Q100 (7KG9501-0AA31-2AA1): before 2.50

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf
icsa-22-314-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


