CVE-2022-29877

moderate-risk

Published 2022-05-20

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices allow unauthenticated access to the web interface configuration area. This could allow an attacker to extract internal configuration details or to reconfigure network settings. However, the reconfigured settings cannot be activated unless the role of an authenticated administrator user.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

7Kg8500-0Aa00-0Aa0 Firmware

7Kg8500-0Aa00-2Aa0 Firmware

7Kg8500-0Aa10-0Aa0 Firmware

7Kg8500-0Aa10-2Aa0 Firmware

7Kg8500-0Aa30-0Aa0 Firmware

7Kg8500-0Aa30-2Aa0 Firmware

7Kg8501-0Aa01-0Aa0 Firmware

7Kg8501-0Aa01-2Aa0 Firmware

7Kg8501-0Aa02-0Aa0 Firmware

7Kg8501-0Aa02-2Aa0 Firmware

7Kg8501-0Aa11-0Aa0 Firmware

7Kg8501-0Aa11-2Aa0 Firmware

7Kg8501-0Aa12-0Aa0 Firmware

7Kg8501-0Aa12-2Aa0 Firmware

7Kg8501-0Aa31-0Aa0 Firmware

7Kg8501-0Aa31-2Aa0 Firmware

7Kg8501-0Aa32-0Aa0 Firmware

7Kg8501-0Aa32-2Aa0 Firmware

7Kg8550-0Aa00-0Aa0 Firmware

7Kg8550-0Aa00-2Aa0 Firmware

Affected Vendors

Siemens

References (2)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 23/34 · High