Siemens Sicam T vulnerabilities

15 known vulnerabilities affecting siemens/sicam_t.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 7

Vulnerabilities

CVE-2023-30901 | HIGH | CVSS 8.8 | fixed in V3.0 | 2023-06-13
[MEDIUM] CWE-352: A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0)
cvelistv5, nvd
CVE-2023-31238 | MEDIUM | CVSS 4.8 | fixed in V3.0 | 2023-06-13
[MEDIUM] CWE-732: A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0)
cvelistv5, nvd
CVE-2022-43439 | HIGH | CVSS 8.8 | fixed in V3.0 | 2022-11-08
[CRITICAL] CWE-20: A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions < V2.50), SICAM P850 (7KG8500-0AA00-0AA0) (All ve
cvelistv5, nvd
CVE-2022-41665 | HIGH | CVSS 8.8 | fixed in V3.0 | 2022-10-11
[CRITICAL] CWE-141: A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0
cvelistv5, nvd
CVE-2022-40226 | HIGH | CVSS 8.1 | fixed in V3.0 | 2022-10-11
[HIGH] CWE-384: A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (A
cvelistv5, nvd
CVE-2022-29873 | CRITICAL | CVSS 9.3 | fixed in V3.0 | 2022-05-20
[CRITICAL] CWE-141: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
cvelistv5, nvd
CVE-2022-29878 | HIGH | CVSS 8.1 | fixed in V3.0 | 2022-05-20
[HIGH] CWE-294: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the sam
cvelistv5, nvd
CVE-2022-29872 | HIGH | CVSS 8.7 | fixed in V3.0 | 2022-05-20
[HIGH] CWE-141: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
cvelistv5, nvd
CVE-2022-29874 | HIGH | CVSS 7.5 | fixed in V3.0 | 2022-05-20
[HIGH] CWE-319: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.
cvelistv5, nvd
CVE-2022-29879 | MEDIUM | CVSS 5.3 | fixed in V3.0 | 2022-05-20
[MEDIUM] CWE-306: A vulnerability has been identified in SICAM T (All versions < V3.0). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information.
cvelistv5, nvd
CVE-2022-29881 | MEDIUM | CVSS 6.9 | fixed in V3.0 | 2022-05-20
[MEDIUM] CWE-306: A vulnerability has been identified in SICAM T (All versions < V3.0). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal configuration details.
cvelistv5, nvd
CVE-2022-29876 | MEDIUM | CVSS 6.1 | fixed in V3.0 | 2022-05-20
[HIGH] CWE-79: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks.
cvelistv5, nvd
CVE-2022-29882 | MEDIUM | CVSS 6.1 | fixed in V3.0 | 2022-05-20
[HIGH] CWE-79: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary actions in the name of the user.
cvelistv5, nvd
CVE-2022-29880 | MEDIUM | CVSS 5.4 | fixed in V3.0 | 2022-05-20
[MEDIUM] CWE-79: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views.
cvelistv5, nvd
CVE-2022-29883 | MEDIUM | CVSS 6.9 | fixed in V3.0 | 2022-05-20
[MEDIUM] CWE-287: A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication.
cvelistv5, nvd