CVE-2022-43439

Summary

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions < V2.50), SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

Affected Software

VendorProductVersion RangeStatus
SiemensPOWER METER SICAM Q1000 < V2.50affected
SiemensPOWER METER SICAM Q1000 < V2.50affected
SiemensPOWER METER SICAM Q1000 < V2.50affected
SiemensPOWER METER SICAM Q1000 < V2.50affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM T0 < V3.0affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References