cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-43439,https://securityvulnerability.io/vulnerability/CVE-2022-43439,Vulnerability in POWER METER SICAM Q200 Family and SICAM P850/P855 Products by Siemens,"A vulnerability exists in the POWER METER SICAM Q200 family and the SICAM P850/P855, affecting versions below specified thresholds. The devices fail to properly validate the Language-parameter in requests made to the web interface over port 443. This oversight allows an authenticated remote attacker to disrupt the device's functioning by causing it to crash, which is followed by an automatic reboot. Additionally, it opens the possibility for arbitrary code execution, posing significant security risks to systems utilizing these meters.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43546,https://securityvulnerability.io/vulnerability/CVE-2022-43546,Remote Code Execution Vulnerability in POWER METER SICAM Q200 and P850 Series,"A vulnerability exists in the web interface of POWER METER SICAM Q200 and P850 series devices, stemming from improper validation of the EndTime parameter in requests sent to port 443/tcp. This oversight can be exploited by an authenticated remote attacker, leading to potential device crashes followed by automatic reboots or enabling unauthorized arbitrary code execution.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43545,https://securityvulnerability.io/vulnerability/CVE-2022-43545,Remote Code Execution Vulnerability in POWER METER Products by Siemens,"A vulnerability exists in the POWER METER SICAM Q200 family and SICAM P850/P855 products, where affected devices fail to properly validate the RecordType parameter in requests sent to its web interface via port 443/tcp. This flaw may allow an authenticated remote attacker to crash the device, causing it to reboot, or even execute arbitrary code. Users are urged to upgrade to the latest versions to mitigate potential risks.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-41665,https://securityvulnerability.io/vulnerability/CVE-2022-41665,SICAM P850 and P855 Vulnerability in Siemens Products,"A vulnerability exists in the Siemens SICAM P850 and P855 devices due to improper validation of parameters in a specific GET request. This flaw could enable an unauthenticated attacker to manipulate the device, potentially leading to a denial of service, or worse, allowing execution of arbitrary code on the device. Users are advised to update to the latest versions to mitigate these risks.",Siemens,"Sicam P850,Sicam P855",9.8,CRITICAL,0.0009299999801442027,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40226,https://securityvulnerability.io/vulnerability/CVE-2022-40226,Session Cookie Vulnerability in SICAM P850 and P855 Products by Siemens,"A vulnerability has been identified in the SICAM P850 and P855 products from Siemens, where affected devices accept user-defined session cookies without renewing them after login or logout. This design flaw allows potential attackers to hijack user sessions, leading to unauthorized access to sensitive information or functionalities within these systems. It is imperative for users of these products to take immediate steps to update to the latest versions to mitigate the risk of session hijacking.",Siemens,"Sicam P850,Sicam P855",7.5,HIGH,0.0005699999746866524,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-29883,https://securityvulnerability.io/vulnerability/CVE-2022-29883,Access Control Vulnerability in SICAM P850 and P855 Products by Siemens,"A significant access control vulnerability has been discovered in the Siemens SICAM P850 and P855 products, which affects all versions prior to V3.00. This flaw allows unauthorized users to access certain unprotected pages of the web interface, enabling them to delete critical log files without any authentication. The lack of proper access restrictions poses a serious risk to the integrity and security of logging data, potentially allowing threat actors to erase traces of malicious activities. Organizations utilizing these devices are advised to implement necessary safeguards and upgrade to the latest versions to mitigate these risks.",Siemens,"Sicam P850,Sicam P855",5.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29872,https://securityvulnerability.io/vulnerability/CVE-2022-29872,Parameter Validation Flaw in SICAM P850 and SICAM P855 Devices by Siemens,"A vulnerability has been identified within Siemens SICAM P850 and SICAM P855 devices, where improper validation of POST request parameters may be exploited. An authenticated attacker could potentially set the device into a denial of service state, or manipulate the program counter to execute arbitrary code on the device. This flaw emphasizes the importance of robust parameter validation to safeguard against malicious manipulations.",Siemens,"Sicam P850,Sicam P855",8.8,HIGH,0.0011899999808520079,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29882,https://securityvulnerability.io/vulnerability/CVE-2022-29882,File Upload Vulnerability in SICAM P850 and SICAM P855 by Siemens,"A security issue has been detected in SICAM P850 and SICAM P855 products from Siemens. The vulnerability arises from the improper handling of uploaded files. This flaw allows unauthenticated attackers to exploit the system by storing a cross-site scripting (XSS) attack within error logs. When a legitimate user accesses these logs, the attacker may perform arbitrary actions under the user's identity, potentially leading to further system compromise.",Siemens,"Sicam P850,Sicam P855",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29873,https://securityvulnerability.io/vulnerability/CVE-2022-29873,SICAM P850 and P855 Remote Code Execution Vulnerability,"A vulnerability in the SICAM P850 and P855 devices allows unauthenticated attackers to manipulate the parameters of specific GET and POST requests. This oversight can lead to a denial of service condition or, more critically, unauthorized execution of arbitrary code on the affected devices. Users and administrators need to ensure that they are using versions V3.00 and above to mitigate these risks.",Siemens,"Sicam P850,Sicam P855",9.8,CRITICAL,0.0022299999836832285,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29876,https://securityvulnerability.io/vulnerability/CVE-2022-29876,Reflected XSS Vulnerability in SICAM P850 and P855 by Siemens,"A vulnerability has been detected in the SICAM P850 and P855 products by Siemens, where the devices inadequately validate the input of a GET request parameter. This flaw allows attackers to manipulate parameters, which could lead to reflected XSS attacks. Consequently, malicious actors might exploit this vulnerability to execute unauthorized scripts in the context of a user's session, potentially compromising sensitive information.",Siemens,"Sicam P850,Sicam P855",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29877,https://securityvulnerability.io/vulnerability/CVE-2022-29877,Unauthenticated Access Vulnerability in SICAM P850 and P855 Products from Siemens,"An unauthenticated access vulnerability exists in SICAM P850 and SICAM P855 products, all versions below V3.00. This security flaw could permit attackers to gain access to the web interface configuration without authentication. Once inside, attackers may extract internal configuration details or modify network settings. It's important to note that although configurations can be altered, these changes will only take effect with the authentication of a user who has administrative privileges.",Siemens,"Sicam P850,Sicam P855",6.5,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29881,https://securityvulnerability.io/vulnerability/CVE-2022-29881,Web Management Interface Vulnerability in SICAM P850 and P855 by Siemens,"A vulnerability exists in the web-based management interface of SICAM P850 and P855 devices, allowing unauthenticated users to gain access to sensitive internal configuration details. The lack of special access protection for certain internal developer views can lead to unauthorized data extraction, potentially compromising the integrity and security of the system. Users are advised to upgrade to version 3.00 or later to mitigate this risk.",Siemens,"Sicam P850,Sicam P855",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2022-05-10T09:47:26.000Z,0
CVE-2022-29880,https://securityvulnerability.io/vulnerability/CVE-2022-29880,Input Validation Flaw in SICAM P850 and P855 Products by Siemens,"An input validation vulnerability exists in the configuration interface of the SICAM P850 and P855 devices, where inadequate checking allows an authenticated attacker to execute persistent XSS attacks. This could enable the attacker to perform actions impersonating the legitimate logged-in user, posing a significant risk to the integrity and confidentiality of the affected systems. Such vulnerabilities highlight the necessity for robust input validation mechanisms in order to protect sensitive operational environments.",Siemens,"Sicam P850,Sicam P855",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-05-10T09:47:25.000Z,0
CVE-2022-29879,https://securityvulnerability.io/vulnerability/CVE-2022-29879,Access Control Vulnerability in SICAM P850 and P855 Products by Siemens,"A vulnerability exists in the web-based management interface of Siemens SICAM P850 and P855 products. This issue arises from the lack of special access protection for certain internal developer views, allowing authenticated users to gain unauthorized access to sensitive device information. Affected versions prior to V3.00 are particularly at risk, prompting urgent attention from users to secure their devices and update to mitigating versions.",Siemens,"Sicam P850,Sicam P855",6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-05-10T09:47:23.000Z,0
CVE-2022-29878,https://securityvulnerability.io/vulnerability/CVE-2022-29878,Challenge-Response Vulnerability in SICAM P850 and P855 Devices by Siemens,"A challenge-response vulnerability has been identified in the SICAM P850 and P855 devices, affecting all versions prior to V3.00. This flaw arises from the limited range of challenges sent during unencrypted challenge-response communications. An unauthenticated attacker could exploit this by capturing a valid challenge-response pair, enabling them to repeatedly request the same challenge and gain unauthorized access to the device's management interface. This poses significant risks to the integrity and security of the affected devices.",Siemens,"Sicam P850,Sicam P855",8.1,HIGH,0.0022299999836832285,false,,false,false,false,,false,false,2022-05-10T09:47:22.000Z,0
CVE-2022-29874,https://securityvulnerability.io/vulnerability/CVE-2022-29874,Cleartext Communication Vulnerability in SICAM P850 and P855 Devices,"A significant vulnerability has been detected in SICAM P850 and P855 devices where web traffic is transmitted without encryption, allowing potential attackers to capture and manipulate the communication. This weakness can lead to unauthorized interference with device operations, posing risks to the integrity and confidentiality of the data exchanged. It is critical for users of these devices to ensure they are using versions V3.00 or higher to mitigate this risk.",Siemens,"Sicam P850,Sicam P855",7.5,HIGH,0.0016899999463930726,false,,false,false,false,,false,false,2022-05-10T09:47:18.000Z,0