CVE-2022-41665

11.10.2022, 11:15

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
siemens	CNA	9.8 CRITICAL				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Vendor	Product	Version
siemens	7kg8500-0aa00-0aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa00-2aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa10-0aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa10-2aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa30-0aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa30-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa01-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa01-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa02-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa02-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa11-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa11-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa12-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa12-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa31-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa31-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa32-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa32-2aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa00-0aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa00-2aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa10-0aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa10-2aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa30-0aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa30-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa01-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa01-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa02-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa02-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa11-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa11-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa12-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa12-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa31-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa31-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa32-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa32-2aa0_firmware	𝑥 < 3.10

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf