CVE-2022-43546 — Improper Input Validation in Siemens Power Meter Sicam Q100

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGHNVD

CNA9.9

EPSS

1.5%

top 19.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens 7kg9501-0aa01-2aa1 Firmware Siemens 7kg9501-0aa31-2aa1 Firmware Siemens Power Meter Sicam Q100 +2 more

Timeline

PublishedNov 8

Description

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5siemens/sicam_p850All versions < V3.10

▶CVEListV5siemens/sicam_p855All versions < V3.10

▶CVEListV5siemens/power_meter_sicam_q100All versions < V2.50

▶NVDsiemens/7kg9501-0aa01-2aa1_firmware< 2.50

▶NVDsiemens/7kg9501-0aa31-2aa1_firmware< 2.50

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-43546: A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2↗2022-11-08

▶

GHSA

GHSA-q4h3-2q46-2v65: A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2↗2022-11-08

▶