PT-2022-2756 · Siemens · Siemens Sicam P850+1
Published: 2022-04-28 · Updated: 2022-06-02 · CVE-2022-29882
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Siemens SICAM P850 versions prior to V3.00
Siemens SICAM P855 versions prior to V3.00
Description
The issue is related to the handling of uploaded files, which an unauthenticated attacker can exploit to plant a stored XSS payload. When a legitimate user accesses the error logs, the attacker could perform arbitrary actions in the name of that user. This can lead to cross-site scripting (XSS) attacks.
Recommendations
For Siemens SICAM P850 versions prior to V3.00, update to version V3.00 or later to resolve the issue.
For Siemens SICAM P855 versions prior to V3.00, update to version V3.00 or later to resolve the issue.
As a temporary workaround, consider restricting access to the error logs until a patch is available. Avoid using the affected devices for sensitive operations until the issue is resolved.
Fix
XSS
Affected Products
Siemens Sicam P850
Siemens Sicam P855