CVE-2022-29884 - OpenCVE

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Sicam A8000 Cp-8000 Sicam A8000 Cp-8000 Firmware Sicam A8000 Cp-8021 Sicam A8000 Cp-8021 Firmware Sicam A8000 Cp-8022 Sicam A8000 Cp-8022 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:sicam_a8000_cp-8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sicam_a8000_cp-8000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:sicam_a8000_cp-8021_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sicam_a8000_cp-8021:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:sicam_a8000_cp-8022_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sicam_a8000_cp-8022:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-07-12T10:06:40

Updated: 2024-08-03T06:33:43.055Z

Reserved: 2022-04-28T00:00:00

Link: CVE-2022-29884

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-12T10:15:10.547

Modified: 2022-07-19T18:18:45.773

Link: CVE-2022-29884

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < CPC80 V16.30"}]}, {"product": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < CPC80 V16.30"}]}, {"product": "CP-8021 MASTER MODULE", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < CPC80 V16.30"}]}, {"product": "CP-8022 MASTER MODULE WITH GPRS", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < CPC80 V16.30"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-772", "description": "CWE-772: Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-12T10:06:40", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29884", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C", "version": {"version_data": [{"version_value": "All versions < CPC80 V16.30"}]}}, {"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C", "version": {"version_data": [{"version_value": "All versions < CPC80 V16.30"}]}}, {"product_name": "CP-8021 MASTER MODULE", "version": {"version_data": [{"version_value": "All versions < CPC80 V16.30"}]}}, {"product_name": "CP-8022 MASTER MODULE WITH GPRS", "version": {"version_data": [{"version_value": "All versions < CPC80 V16.30"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-772: Missing Release of Resource after Effective Lifetime"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:33:43.055Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29884", "datePublished": "2022-07-12T10:06:40", "dateReserved": "2022-04-28T00:00:00", "dateUpdated": "2024-08-03T06:33:43.055Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sicam_a8000_cp-8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3EDA09-C712-416E-BEE4-B49F867FEB56", "versionEndExcluding": "16.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sicam_a8000_cp-8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DEF18ED-BF87-4CFA-A4BA-3387AC8964B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sicam_a8000_cp-8021_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "41F8797E-D4EC-4758-B526-35178F304DE1", "versionEndExcluding": "16.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sicam_a8000_cp-8021:-:*:*:*:*:*:*:*", "matchCriteriaId": "65362A2F-DB6D-4D7F-87B5-10E18EE990F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sicam_a8000_cp-8022_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1182239D-D513-4C0F-8460-D4BDD6A2373A", "versionEndExcluding": "16.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sicam_a8000_cp-8022:-:*:*:*:*:*:*:*", "matchCriteriaId": "64D59FE8-03FD-4E5B-B7D2-47F31E98A187", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en el MASTER MODULE CP-8000 CON E/S -25/+70\u00b0C (Todas las versiones anteriores a CPC80 V16.30), MASTER MODULE CP-8000 CON E/S -40/+70\u00b0C (Todas las versiones anteriores a CPC80 V16.30), MASTER MODULE CP-8021 (Todas las versiones anteriores a CPC80 V16.30), MASTER MODULE CP-8022 CON GPRS (Todas las versiones anteriores a CPC80 V16.30). Cuando es usado el servidor HTTPS en condiciones espec\u00edficas, los dispositivos afectados no liberan apropiadamente los recursos. Esto podr\u00eda permitir a un atacante remoto no autenticado poner el dispositivo en una condici\u00f3n de denegaci\u00f3n de servicio"}], "id": "CVE-2022-29884", "lastModified": "2022-07-19T18:18:45.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-12T10:15:10.547", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-772"}], "source": "productcert@siemens.com", "type": "Secondary"}]}