CVE-2022-41665

Summary

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

Affected Software

VendorProductVersion RangeStatus
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM T0 < V3.0affected

Weaknesses

  • CWE-141: CWE-141: Improper Neutralization of Parameter/Argument Delimiters

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References