SB2022051724 - Multiple vulnerabilities in Siemens SICAM P850 and SICAM P855 Devices


Published: May 17, 2022

Security Bulletin ID: SB2022051724
Severity: High
Patch available: Yes
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 9% (1 of 11)
Medium: 55% (6 of 11)
Low: 36% (4 of 11)

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2022-29872)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists because the affected devices do not properly validate the parameters of POST requests. A remote user can pass specially crafted input to the application and execute arbitrary code on the target system.


2) Input validation error (CVE-ID: CVE-2022-29873)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists because the affected devices do not properly validate the parameters of certain GET and POST requests. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.


3) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-29874)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data and interfere with the functionality of the device.


4) Cross-site scripting (CVE-ID: CVE-2022-29876)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within a GET request parameter. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


5) Missing Authentication for Critical Function (CVE-ID: CVE-2022-29877)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the affected devices allow unauthenticated access to the configuration area of the web interface. A remote attacker can extract internal configuration details or reconfigure network settings.


6) Authentication Bypass by Capture-replay (CVE-ID: CVE-2022-29878)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the affected devices use a limited range of challenges in the unencrypted challenge-response communication, so captured responses can be replayed. A remote attacker can access the management interface of the device.


7) Missing Authentication for Critical Function (CVE-ID: CVE-2022-29879)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the web-based management interface does not apply special access protection to certain internal developer views. A remote user can access critical device information.


8) Stored cross-site scripting (CVE-ID: CVE-2022-29880)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the configuration interface. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


9) Missing Authentication for Critical Function (CVE-ID: CVE-2022-29881)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the web-based management interface does not apply special access protection to certain internal developer views. A remote user can extract internal configuration details.


10) Stored cross-site scripting (CVE-ID: CVE-2022-29882)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


11) Improper Authentication (CVE-ID: CVE-2022-29883)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can delete log files without authentication.


Remediation

Install the update from the vendor's website.