Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-29884
HistoryJul 12, 2022 - 10:15 a.m.

CVE-2022-29884

2022-07-1210:15:10
CWE-772
[email protected]
web.nvd.nist.gov
39
3
cve-2022-29884
vulnerability
cp-8000
cp-8021
denial of service
nvd
cybersecurity

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition.

Affected configurations

NVD
Node
siemenssicam_a8000_cp-8000_firmwareRange<16.30
AND
siemenssicam_a8000_cp-8000Match-
Node
siemenssicam_a8000_cp-8021_firmwareRange<16.30
AND
siemenssicam_a8000_cp-8021Match-
Node
siemenssicam_a8000_cp-8022_firmwareRange<16.30
AND
siemenssicam_a8000_cp-8022Match-

CNA Affected

[
  {
    "product": "CP-8000 MASTER MODULE WITH I/O -25/+70°C",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < CPC80 V16.30"
      }
    ]
  },
  {
    "product": "CP-8000 MASTER MODULE WITH I/O -40/+70°C",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < CPC80 V16.30"
      }
    ]
  },
  {
    "product": "CP-8021 MASTER MODULE",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < CPC80 V16.30"
      }
    ]
  },
  {
    "product": "CP-8022 MASTER MODULE WITH GPRS",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < CPC80 V16.30"
      }
    ]
  }
]

Social References

More

Related

nvd 1
nessus 1
prion 1
ics 1
cvelist 1
nvd
nvd
CVE-2022-29884
2022-07-12 10:15:10
nessus
nessus
Siemens CPC80 Firmware of SICAM A8000 Missing Release of Resource After Effective Lifetime (CVE-2022-29884)
2022-07-19 00:00:00
prion
prion
Race condition
2022-07-12 10:15:00
ics
ics
Siemens CPC80 Firmware of SICAM A8000
2022-08-18 12:00:00
cvelist
cvelist
CVE-2022-29884
2022-07-12 10:06:40

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON
Related for CVE-2022-29884
nvd1nessus1prion1ics1cvelist1