Cleartext Communication Vulnerability in SICAM P850 and P855 Devices
CVE-2022-29874

7.5HIGH

Key Information:

Vendor: Siemens
Status: Sicam P850; Sicam P855
Vendor: CVE Published:; 10 May 2022

Summary

A significant vulnerability has been detected in SICAM P850 and P855 devices where web traffic is transmitted without encryption, allowing potential attackers to capture and manipulate the communication. This weakness can lead to unauthorized interference with device operations, posing risks to the integrity and confidentiality of the data exchanged. It is critical for users of these devices to ensure they are using versions V3.00 or higher to mitigate this risk.

Affected Version(s)

SICAM P850 All versions < V3.00

References

https://cert-portal.siemens.com/productcert/pdf/ssa-16507...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Apr 28, 2022