PT-2022-3246 · Siemens · Sicam P850+1
Published
2022-04-28
·
Updated
2023-06-28
·
CVE-2022-29883
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SICAM P850 versions prior to V3.00
SICAM P855 versions prior to V3.00
Description
The issue is related to weaknesses in the authentication procedure of the affected devices. This could allow a remote attacker to delete security log files without proper authentication. The affected devices do not restrict unauthenticated access to certain pages of the web interface.
Recommendations
For SICAM P850 versions prior to V3.00, update to version V3.00 or later to resolve the issue.
For SICAM P855 versions prior to V3.00, update to version V3.00 or later to resolve the issue.
As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.
Fix
Missing Authentication
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sicam P850
Sicam P855