CVE-2023-30901

Summary

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.11), SICAM T (All versions < V3.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

Affected Software

VendorProductVersion RangeStatus
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8500 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM P8550 < V3.11affected
SiemensSICAM T0 < V3.0affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References