CVE-2022-29874 — Cleartext Transmission of Sensitive Info in Siemens Sicam T

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

7.5HIGHNVD

CNA8.8

EPSS

0.3%

top 42.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sicam T Siemens 7kg8500-0aa00-0aa0 Firmware Siemens 7kg8500-0aa00-2aa0 Firmware +34 more

Timeline

PublishedMay 20

Latest updateMay 21

Description

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages37 packages

▶CVEListV5siemens/sicam_t< V3.0

▶NVDsiemens/7kg8500-0aa00-0aa0_firmware< 3.00

▶NVDsiemens/7kg8500-0aa00-2aa0_firmware< 3.00

▶NVDsiemens/7kg8500-0aa10-0aa0_firmware< 3.00

▶NVDsiemens/7kg8500-0aa10-2aa0_firmware< 3.00

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-6vgf-xpr3-4724: A vulnerability has been identified in SICAM P850 (All versions < V3↗2022-05-21

▶

CVEList

CVE-2022-29874: A vulnerability has been identified in SICAM T (All versions < V3↗2022-05-10

▶