A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0173.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Siemens
  • 7kg9501-0aa01-2aa1
  • 7kg9501-0aa01-2aa1 Firmware
  • 7kg9501-0aa31-2aa1
  • 7kg9501-0aa31-2aa1 Firmware
  • Sicam P850 Firmware
  • Sicam P855 Firmware
  • Sicam Q100 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:siemens:7kg9501-0aa01-2aa1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg9501-0aa01-2aa1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:7kg9501-0aa31-2aa1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg9501-0aa31-2aa1:-:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf cve-icon cve-icon
History

Mon, 21 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Siemens sicam P850 Firmware
Siemens sicam P855 Firmware
Siemens sicam Q100 Firmware
CPEs cpe:2.3:o:siemens:sicam_p850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sicam_p855_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sicam_q100_firmware:*:*:*:*:*:*:*:*
Vendors & Products Siemens sicam P850 Firmware
Siemens sicam P855 Firmware
Siemens sicam Q100 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2024-10-21T16:08:33.311Z

Reserved: 2022-10-20T00:00:00

Link: CVE-2022-43546

cve-icon Vulnrichment

Updated: 2024-08-03T13:32:59.647Z

cve-icon NVD

Status : Modified

Published: 2022-11-08T11:15:12.127

Modified: 2024-11-21T07:26:45.323

Link: CVE-2022-43546

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.