CVE-2022-29879

CWE-306 — Missing Authentication3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 41.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sicam T Siemens 7kg8500-0aa00-0aa0 Firmware Siemens 7kg8500-0aa00-2aa0 Firmware +34 more

Timeline

PublishedMay 20

Latest updateMay 21

Description

A vulnerability has been identified in SICAM T (All versions < V3.0). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages37 packages

▶CVEListV5siemens/sicam_t< V3.0

▶NVDsiemens/7kg8500-0aa00-0aa0_firmware< 3.00

▶NVDsiemens/7kg8500-0aa00-2aa0_firmware< 3.00

▶NVDsiemens/7kg8500-0aa10-0aa0_firmware< 3.00

▶NVDsiemens/7kg8500-0aa10-2aa0_firmware< 3.00

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-7gjg-3mrx-xxf9: A vulnerability has been identified in SICAM P850 (All versions < V3↗2022-05-21

▶

CVEList

CVE-2022-29879: A vulnerability has been identified in SICAM T (All versions < V3↗2022-05-10

▶