PT-2022-5904 · Siemens · Sicam P850+2

Published: 2022-11-08 · Updated: 2024-01-09 · CVE-2022-43546

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

POWER METER SICAM Q100 versions prior to V2.50
SICAM P850 versions prior to V3.10
SICAM P855 versions prior to V3.10

Description

The affected devices do not properly validate the EndTime parameter in requests to the web interface on port 443/tcp. This input-processing error could allow a remote attacker to crash the device, which would then automatically reboot, or to execute arbitrary code on the device.

Recommendations

For POWER METER SICAM Q100 versions prior to V2.50, update to version V2.50 or later.
For SICAM P850 versions prior to V3.10, update to version V3.10 or later.
For SICAM P855 versions prior to V3.10, update to version V3.10 or later.

As a temporary workaround, consider restricting access to the web interface on port 443/tcp to minimize the risk of exploitation. Avoid using the EndTime parameter in requests to the web interface until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-07320
CVE-2022-43546

Affected Products

Power Meter Sicam Q100
Sicam P850
Sicam P855