CVE-2022-29874 — HIGH (8.8)

Q: How severe is CVE-2022-29874?

CVE-2022-29874 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29874?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens 7Kg8500-0Aa00-0Aa0 Firmware, Siemens 7Kg8500-0Aa00-0Aa0, Siemens 7Kg8500-0Aa00-2Aa0 Firmware, Siemens 7Kg8500-0Aa00-2Aa0, Siemens 7Kg8500-0Aa10-0Aa0 Firmware.

Vulnerability Description

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	7Kg8500-0Aa00-0Aa0 Firmware	< 3.00
Siemens	7Kg8500-0Aa00-0Aa0	-
Siemens	7Kg8500-0Aa00-2Aa0 Firmware	< 3.00
Siemens	7Kg8500-0Aa00-2Aa0	-
Siemens	7Kg8500-0Aa10-0Aa0 Firmware	< 3.00
Siemens	7Kg8500-0Aa10-0Aa0	-
Siemens	7Kg8500-0Aa10-2Aa0 Firmware	< 3.00
Siemens	7Kg8500-0Aa10-2Aa0	-
Siemens	7Kg8500-0Aa30-0Aa0 Firmware	< 3.00
Siemens	7Kg8500-0Aa30-0Aa0	-
Siemens	7Kg8500-0Aa30-2Aa0 Firmware	< 3.00
Siemens	7Kg8500-0Aa30-2Aa0	-
Siemens	7Kg8501-0Aa01-0Aa0 Firmware	< 3.00
Siemens	7Kg8501-0Aa01-0Aa0	-
Siemens	7Kg8501-0Aa01-2Aa0 Firmware	< 3.00
Siemens	7Kg8501-0Aa01-2Aa0	-
Siemens	7Kg8501-0Aa02-0Aa0 Firmware	< 3.00
Siemens	7Kg8501-0Aa02-0Aa0	-
Siemens	7Kg8501-0Aa02-2Aa0 Firmware	< 3.00
Siemens	7Kg8501-0Aa02-2Aa0	-

Related Weaknesses (CWE)

CWE-319

References

FAQ

What is CVE-2022-29874?

CVE-2022-29874 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticate...

How severe is CVE-2022-29874?

CVE-2022-29874 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29874?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens 7Kg8500-0Aa00-0Aa0 Firmware, Siemens 7Kg8500-0Aa00-0Aa0, Siemens 7Kg8500-0Aa00-2Aa0 Firmware, Siemens 7Kg8500-0Aa00-2Aa0, Siemens 7Kg8500-0Aa10-0Aa0 Firmware.