1. Home
  2. CVE Database
  3. CVE-2022-29878
HIGH · 7.5

CVE-2022-29878

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unau...

Vulnerability Description

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Siemens7Kg8500-0Aa00-0Aa0 Firmware< 3.00
Siemens7Kg8500-0Aa00-0Aa0-
Siemens7Kg8500-0Aa00-2Aa0 Firmware< 3.00
Siemens7Kg8500-0Aa00-2Aa0-
Siemens7Kg8500-0Aa10-0Aa0 Firmware< 3.00
Siemens7Kg8500-0Aa10-0Aa0-
Siemens7Kg8500-0Aa10-2Aa0 Firmware< 3.00
Siemens7Kg8500-0Aa10-2Aa0-
Siemens7Kg8500-0Aa30-0Aa0 Firmware< 3.00
Siemens7Kg8500-0Aa30-0Aa0-
Siemens7Kg8500-0Aa30-2Aa0 Firmware< 3.00
Siemens7Kg8500-0Aa30-2Aa0-
Siemens7Kg8501-0Aa01-0Aa0 Firmware< 3.00
Siemens7Kg8501-0Aa01-0Aa0-
Siemens7Kg8501-0Aa01-2Aa0 Firmware< 3.00
Siemens7Kg8501-0Aa01-2Aa0-
Siemens7Kg8501-0Aa02-0Aa0 Firmware< 3.00
Siemens7Kg8501-0Aa02-0Aa0-
Siemens7Kg8501-0Aa02-2Aa0 Firmware< 3.00
Siemens7Kg8501-0Aa02-2Aa0-

Related Weaknesses (CWE)

CWE-294

References

FAQ

What is CVE-2022-29878?

CVE-2022-29878 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unau...

How severe is CVE-2022-29878?

CVE-2022-29878 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29878?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens 7Kg8500-0Aa00-0Aa0 Firmware, Siemens 7Kg8500-0Aa00-0Aa0, Siemens 7Kg8500-0Aa00-2Aa0 Firmware, Siemens 7Kg8500-0Aa00-2Aa0, Siemens 7Kg8500-0Aa10-0Aa0 Firmware.