CVE-2022-29876

Name of the Vulnerable Software and Affected Versions SICAM P850 versions prior to V3.00 SICAM P855 versions prior to V3.00

Description A vulnerability has been identified in the affected devices, which do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response, allowing an unauthenticated attacker to perform reflected XSS attacks. This issue is related to insufficient cleaning of user data in the GET request parameter, which could enable a remote attacker to conduct cross-site scripting attacks using a specially crafted link.

Recommendations For SICAM P850 versions prior to V3.00, update to version V3.00 or later to resolve the issue. For SICAM P855 versions prior to V3.00, update to version V3.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected devices to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected GET request until the issue is resolved.