The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in their ability to bypass the authentication process using capture-replay techniques for intercepted parameters. This allows attackers to gain access to the device’s control interface.

🗓️ 01 Jun 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Siemens SICAM P850 and P855 bypass authentication using capture-replay to access control interface.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2022-29878	20 May 202216:30	–	circl
CNNVD	Siemens SICAM T 安全漏洞	12 May 202200:00	–	cnnvd
CNVD	Siemens SICAM P850 and SICAM P855 Devices Bypass Authentication Vulnerability	11 May 202200:00	–	cnvd
CVE	CVE-2022-29878	10 May 202209:47	–	cve
Cvelist	CVE-2022-29878	10 May 202209:47	–	cvelist
EUVD	EUVD-2022-34190	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Siemens products	10 May 202200:00	–	ncsc
NCSC	Vulnerabilities fixed in Siemens products	9 Dec 202513:15	–	ncsc
NVD	CVE-2022-29878	20 May 202213:15	–	nvd
OSV	CVE-2022-29878	20 May 202213:15	–	osv

Vulners

Node

siemens_ag sicam_p855Range<3.0

OR

siemens_ag sicam_p850Range<3.0

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022051724
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-132-07
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

01 Jun 2022 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 37.5

CVSS 27.6

EPSS0.01018

Siemens SICAM P850 Siemens SICAM P855 authentication bypass capture replay control interface intercepted parameters