Skip to main content

Severity by source

Vendor (siemens) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (siemens) · only source for this CVE.

CVSS VectorVendor: siemens

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
May 20, 2022 - 13:15 cve.org
CRITICAL 9.3

DescriptionCVE.org

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

AnalysisAI

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-141. A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. Affected products include: Siemens 7Kg8500-0Aa00-0Aa0 Firmware, Siemens 7Kg8500-0Aa00-2Aa0 Firmware, Siemens 7Kg8500-0Aa10-0Aa0 Firmware, Siemens 7Kg8500-0Aa10-2Aa0 Firmware, Siemens 7Kg8500-0Aa30-0Aa0 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-41665 HIGH
8.8 Oct 11

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00

CVE-2022-29874 HIGH
8.8 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.8), this vulnerability

CVE-2022-29872 HIGH
8.7 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability

CVE-2022-40226 HIGH
8.1 Oct 11

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00

CVE-2022-29878 HIGH
7.5 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 7.5), this vulnerability

CVE-2022-29882 HIGH
7.1 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 7.1), this vulnerability

CVE-2022-29876 HIGH
7.1 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 7.1), this vulnerability

CVE-2022-29883 MEDIUM
6.9 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated medium severity (CVSS 6.9), this vulnerabili

CVE-2022-29881 MEDIUM
6.9 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated medium severity (CVSS 6.9), this vulnerabili

CVE-2022-29880 MEDIUM
6.5 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated medium severity (CVSS 6.5), this vulnerabili

CVE-2022-29877 MEDIUM
6.5 May 20

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850

CVE-2022-29879 MEDIUM
5.3 May 20

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated medium severity (CVSS 5.3), this vulnerabili

Share

CVE-2022-29873 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy