ICSA-22-286-09
PUBLISHED
CVSS 7.5 HIGH
Session fixation and multiple incorrect parameter parsing vulnerabilities that could potentially lead to remote code execution were identified in the web server of SICAM P850 and SICAM P855 devices. Siemens has released updates for the affected products and recommends updating to the latest versions.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SICAM P855 (7KG8550-0AA00-2AA0) | |
| Siemens | SICAM P850 (7KG8500-0AA10-2AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA02-2AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA12-2AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA11-2AA0) | |
| Siemens | SICAM P850 (7KG8500-0AA30-2AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA02-0AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA31-2AA0) | |
| Siemens | SICAM P850 (7KG8500-0AA00-0AA0) | |
| Siemens | SICAM P855 (7KG8550-0AA00-0AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA32-2AA0) | |
| Siemens | SICAM P850 (7KG8500-0AA30-0AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA11-0AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA01-2AA0) | |
| Siemens | SICAM P850 (7KG8500-0AA10-0AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA31-0AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA12-0AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA01-0AA0) | |
| Siemens | SICAM P850 (7KG8500-0AA00-2AA0) | |
| Siemens | SICAM P850 (7KG8501-0AA32-0AA0) | |
Timeline
- Oct 11, 2022 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-572005.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-572005.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-572005.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-286-09.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-09 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109743594/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109743621/ fix