ID
VAR-202205-0920
CVE
CVE-2022-29874
TITLE
Siemens SICAM P850 and SICAM P855 Devices Sensitive Information Cleartext Transmission Vulnerability
Trust: 0.6
DESCRIPTION
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30. Siemens SICAM P850 and SICAM P855
Trust: 1.53
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | sicam p850 | scope: | lt | version: | v3.00 | Trust: 10.8 |
| vendor: | siemens | model: | sicam p855 | scope: | lt | version: | v3.00 | Trust: 10.8 |
| vendor: | siemens | model: | 7kg8500-0aa30-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa12-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa01-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa00-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa32-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa00-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa02-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa00-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa01-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa12-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa30-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa32-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa30-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa11-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa12-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa00-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa31-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa02-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa11-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa32-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa10-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa12-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa01-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa10-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa10-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8500-0aa30-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa02-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa11-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa01-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa02-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa31-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8551-0aa31-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8550-0aa10-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa11-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa31-0aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
| vendor: | siemens | model: | 7kg8501-0aa32-2aa0 | scope: | lt | version: | 3.00 | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-319 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Patch for Siemens SICAM P850 and SICAM P855 Devices Sensitive Information Cleartext Transmission Vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/332526 | Trust: 0.6 |
| title: | Siemens SICAM Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194234 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-29874 | Trust: 2.3 |
| db: | SIEMENS | id: | SSA-165073 | Trust: 2.2 |
| db: | ICS CERT | id: | ICSA-22-132-07 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2022-36396 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2022.2357 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2022051724 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202205-3129 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-29874 | Trust: 0.1 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf | Trust: 1.6 |
| url: | https://cert-portal.siemens.com/productcert/html/ssa-165073.html | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2022051724 | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-29874/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.2357 | Trust: 0.6 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-07 | Trust: 0.1 |
CREDITS
Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2022-36396 |
| db: | VULMON | id: | CVE-2022-29874 |
| db: | NVD | id: | CVE-2022-29874 |
| db: | CNNVD | id: | CNNVD-202205-3129 |
LAST UPDATE DATE
2023-12-18T11:56:06.789000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-36396 | date: | 2022-05-11T00:00:00 |
| db: | NVD | id: | CVE-2022-29874 | date: | 2022-05-26T20:45:52.480 |
| db: | CNNVD | id: | CNNVD-202205-3129 | date: | 2022-05-30T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-36396 | date: | 2022-05-11T00:00:00 |
| db: | NVD | id: | CVE-2022-29874 | date: | 2022-05-20T13:15:16.030 |
| db: | CNNVD | id: | CNNVD-202205-3129 | date: | 2022-05-12T00:00:00 |