Multiple vulnerabilities Siemens SICAM Q200 Devices

Published: 2023-06-16

Risk	Medium
Patch available	YES
Number of vulnerabilities	6
CVE-ID	CVE-2022-43398 CVE-2022-43439 CVE-2022-43545 CVE-2022-43546 CVE-2023-30901 CVE-2023-31238
CWE-ID	CWE-384 CWE-20 CWE-352 CWE-732
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	POWER METER SICAM Q200 Hardware solutions / Firmware
Vendor	Siemens

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Session Fixation

EUVDB-ID: #VU69169

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43398

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the session fixation issue. A remote attacker can overwrite the stored session cookie of a user and gain access to the user's account through the activated session.

Mitigation

Install update from vendor's website.

Vulnerable software versions

POWER METER SICAM Q200: before 2.70

CPE2.3

cpe:2.3:h:siemens:power_meter_sicam_q200:*:*:*:*:*:*:*:*

External links

http://cert-portal.siemens.com/productcert/txt/ssa-887249.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU69170

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43439

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the Language-parameter. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

POWER METER SICAM Q200: before 2.70

CPE2.3

cpe:2.3:h:siemens:power_meter_sicam_q200:*:*:*:*:*:*:*:*

External links

http://cert-portal.siemens.com/productcert/txt/ssa-887249.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU69171

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43545

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the RecordType-parameter. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

POWER METER SICAM Q200: before 2.70

CPE2.3

cpe:2.3:h:siemens:power_meter_sicam_q200:*:*:*:*:*:*:*:*

External links

http://cert-portal.siemens.com/productcert/txt/ssa-887249.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU69172

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43546

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the EndTime-parameter. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

POWER METER SICAM Q200: before 2.70

CPE2.3

cpe:2.3:h:siemens:power_meter_sicam_q200:*:*:*:*:*:*:*:*

External links

http://cert-portal.siemens.com/productcert/txt/ssa-887249.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cross-site request forgery

EUVDB-ID: #VU77477

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-30901

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

POWER METER SICAM Q200: before 2.70

CPE2.3

cpe:2.3:h:siemens:power_meter_sicam_q200:*:*:*:*:*:*:*:*

External links

http://cert-portal.siemens.com/productcert/txt/ssa-887249.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect permission assignment for critical resource

EUVDB-ID: #VU77478

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-31238

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing cookie protection flags when using the default settings. A remote user can impersonate a legitimate application user.

Mitigation

Install update from vendor's website.

Vulnerable software versions

POWER METER SICAM Q200: before 2.70

CPE2.3

cpe:2.3:h:siemens:power_meter_sicam_q200:*:*:*:*:*:*:*:*

External links

http://cert-portal.siemens.com/productcert/txt/ssa-887249.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.