Siemens SICAM P850 and P855 Devices Improper Neutralization of Parameter/Argument Delimiters (CVE-2022-41665)

high Tenable OT Security Plugin ID 501120

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SICAM P850 (all versions < V3.10) and SICAM P855 (all versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for the affected products and recommends updating to the latest versions:

- SICAM P850 devices: Update to v3.10 or later
- SICAM P855 devices: Update to v3.10 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Avoid accessing links from untrusted sources while logged in to SICAM P850 or SICAM P855 devices

Siemens recommends operators check for appropriate resilient protection measures; the risk of cyber incidents impacting the grid's reliability can be minimized by virtue of the grid design.

Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated application of security updates across multiple product instances may be used. Siemens strongly recommends that users validate any security update before application, and that the update process be supervised by trained staff in the target environment.

As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms, such as firewalls, network segmentation, or use of virtual private networks (VPNs). It is advised to configure the environment according to Siemens’ operational guidelines to run the devices in a protected IT environment.

For additional resources, users should review Siemens’ security guidelines.

For more information, see Siemens Security Advisory SSA-572005 in HTML or CSAF.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-09

Plugin Details

Severity: High

ID: 501120

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 5/9/2023

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-41665

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:7kg8551-0aa32-2aa0_firmware, cpe:/o:siemens:7kg8500-0aa00-0aa0_firmware, cpe:/o:siemens:7kg8500-0aa00-2aa0_firmware, cpe:/o:siemens:7kg8500-0aa10-0aa0_firmware, cpe:/o:siemens:7kg8500-0aa10-2aa0_firmware, cpe:/o:siemens:7kg8500-0aa30-0aa0_firmware, cpe:/o:siemens:7kg8500-0aa30-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa01-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa01-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa02-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa02-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa11-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa11-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa12-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa12-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa31-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa31-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa32-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa32-2aa0_firmware, cpe:/o:siemens:7kg8550-0aa00-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa00-2aa0_firmware, cpe:/o:siemens:7kg8550-0aa10-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa10-2aa0_firmware, cpe:/o:siemens:7kg8550-0aa30-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa30-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa01-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa01-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa02-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa02-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa11-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa11-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa12-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa12-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa31-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa31-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa32-0aa0_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 10/11/2022

Vulnerability Publication Date: 10/11/2022

Reference Information

CVE: CVE-2022-41665

CWE: 141