PT-2022-5906 · Siemens · Sicam P850+2

Published: 2022-11-08 · Updated: 2024-01-09 · CVE-2022-43439

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

POWER METER SICAM Q100 versions prior to V2.50
SICAM P850 versions prior to V3.10
SICAM P855 versions prior to V3.10

Description

The issue is related to errors in processing input data, specifically with the Language parameter in the web interface of the affected devices. This could allow a remote attacker to crash the device, leading to an automatic reboot, or execute arbitrary code on the device. The affected devices do not properly validate the Language parameter in requests to the web interface on port 443/tcp.

Recommendations

For POWER METER SICAM Q100 versions prior to V2.50, update to version V2.50 or later.
For SICAM P850 versions prior to V3.10, update to version V3.10 or later.
For SICAM P855 versions prior to V3.10, update to version V3.10 or later.

As a temporary workaround, consider restricting access to the web interface on port 443/tcp to minimize the risk of exploitation. Avoid using the Language parameter in requests to the web interface until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-07322
CVE-2022-43439

Affected Products

Power Meter Sicam Q100
Sicam P850
Sicam P855