PT-2022-2724 · Siemens · Siemens Sicam P850+1
Published: 2022-04-28 · Updated: 2022-06-02
CVE-2022-29878
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Siemens SICAM P850 versions prior to V3.00
Siemens SICAM P855 versions prior to V3.00
Description
The issue is an authentication bypass through a capture-replay attack on intercepted parameters. This could allow a remote attacker to gain access to the device's management interface. Affected devices use a limited range for challenges sent during unencrypted challenge-response communication, allowing an unauthenticated attacker to capture a valid challenge-response pair and reuse it to access the management interface.
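An added illustration, not Siemens code and not part of the original advisory: a toy Python model of why a limited challenge range lets a recorded challenge-response pair verify again, next to an issuer that uses 128-bit single-use challenges. The HMAC-SHA256 response function, the 256-value range and the secret are assumptions made for the example; the advisory does not state the device's actual algorithm or range.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-password"  # constructed value, not from the advisory

def response_for(challenge: bytes, secret: bytes = SECRET) -> bytes:
    """Assumed response function (HMAC-SHA256); the advisory does not name the real one."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class WeakIssuer:
    """Challenges come from a small range, so the same values recur across logins."""
    def __init__(self, challenge_space: int = 256):  # assumed range size
        self.space = challenge_space

    def new_challenge(self) -> bytes:
        return secrets.randbelow(self.space).to_bytes(4, "big")

    def verify(self, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(response, response_for(challenge))

class HardenedIssuer:
    """128-bit random challenges, each accepted at most once."""
    def __init__(self):
        self.outstanding = set()

    def new_challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self.outstanding.add(c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False  # never issued, or already consumed
        self.outstanding.discard(challenge)  # single use, even if the response is wrong
        return hmac.compare_digest(response, response_for(challenge))

def recorded_pair_reusable(issuer, logins: int = 5000) -> bool:
    """True if a pair recorded from one login verifies against a later challenge."""
    c = issuer.new_challenge()
    recorded = {c: response_for(c)}  # what a passive observer saw on the unencrypted link
    issuer.verify(c, recorded[c])    # the legitimate login completes
    for _ in range(logins):
        c = issuer.new_challenge()
        if c in recorded and issuer.verify(c, recorded[c]):
            return True
    return False
```

Single-use random challenges remove the reuse condition in this model only; on the affected devices the advisory's remedy is the update to V3.00 or later.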
Recommendations
For Siemens SICAM P850 versions prior to V3.00, update to version V3.00 or later.
For Siemens SICAM P855 versions prior to V3.00, update to version V3.00 or later.
As a temporary workaround, consider restricting access to the management interface until a patch is available.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Siemens Sicam P850
Siemens Sicam P855