What is the severity of CVE-2022-29876?

CVE-2022-29876 is considered a high-severity vulnerability due to potential unauthorized access to sensitive data.

How do I fix CVE-2022-29876?

To fix CVE-2022-29876, you should upgrade the affected SICAM P850 devices to firmware version 3.00 or later.

What systems are affected by CVE-2022-29876?

CVE-2022-29876 affects all versions of SICAM P850 devices prior to version 3.00.

What type of vulnerability is CVE-2022-29876?

CVE-2022-29876 is a security vulnerability that allows for potential unauthorized access and exploitation of the affected systems.

What should I do if I can't upgrade to fix CVE-2022-29876?

If unable to upgrade, implement additional network security measures and monitoring to mitigate risks associated with CVE-2022-29876.

Vulnerability/
CVE-2022-29876

medium

6.1

CWE

10/5/2022

3/8/2024

CVE-2022-29876: XSS

First published: Tue May 10 2022(Updated: )

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens 7kg8500-0aa00-0aa0 Firmware	<3.00
Siemens 7kg8500-0aa00-0aa0
Siemens 7kg8500-0aa00-2aa0 Firmware	<3.00
Siemens 7kg8500-0aa00-2aa0
Siemens 7kg8500-0aa10-0aa0 Firmware	<3.00
Siemens 7kg8500-0aa10-0aa0
Siemens 7kg8500-0aa10-2aa0 Firmware	<3.00
Siemens 7kg8500-0aa10-2aa0
Siemens 7kg8500-0aa30-0aa0 Firmware	<3.00
Siemens 7kg8500-0aa30-0aa0
Siemens 7kg8500-0aa30-2aa0 Firmware	<3.00
Siemens 7kg8500-0aa30-2aa0
Siemens 7kg8501-0aa01-0aa0 Firmware	<3.00
Siemens 7kg8501-0aa01-0aa0
Siemens 7kg8501-0aa01-2aa0 Firmware	<3.00
Siemens 7kg8501-0aa01-2aa0
Siemens 7kg8501-0aa02-0aa0 Firmware	<3.00
Siemens 7kg8501-0aa02-0aa0
Siemens 7kg8501-0aa02-2aa0 Firmware	<3.00
Siemens 7kg8501-0aa02-2aa0
Siemens 7kg8501-0aa11-0aa0 Firmware	<3.00
Siemens 7kg8501-0aa11-0aa0
Siemens 7kg8501-0aa11-2aa0 Firmware	<3.00
Siemens 7kg8501-0aa11-2aa0
Siemens 7kg8501-0aa12-0aa0 Firmware	<3.00
Siemens 7kg8501-0aa12-0aa0
Siemens 7kg8501-0aa12-2aa0 Firmware	<3.00
Siemens 7kg8501-0aa12-2aa0
Siemens 7kg8501-0aa31-0aa0 Firmware	<3.00
Siemens 7kg8501-0aa31-0aa0
Siemens 7kg8501-0aa31-2aa0 Firmware	<3.00
Siemens 7kg8501-0aa31-2aa0
Siemens 7kg8501-0aa32-0aa0 Firmware	<3.00
Siemens 7kg8501-0aa32-0aa0
Siemens 7kg8501-0aa32-2aa0 Firmware	<3.00
Siemens 7kg8501-0aa32-2aa0
Siemens 7kg8550-0aa00-0aa0 Firmware	<3.00
Siemens 7kg8550-0aa00-0aa0
Siemens 7kg8550-0aa00-2aa0 Firmware	<3.00
Siemens 7kg8550-0aa00-2aa0
Siemens 7kg8550-0aa10-0aa0 Firmware	<3.00
Siemens 7kg8550-0aa10-0aa0
Siemens 7kg8550-0aa10-2aa0 Firmware	<3.00
Siemens 7kg8550-0aa10-2aa0
Siemens 7kg8550-0aa30-0aa0 Firmware	<3.00
Siemens 7kg8550-0aa30-0aa0
Siemens 7kg8550-0aa30-2aa0 Firmware	<3.00
Siemens 7kg8550-0aa30-2aa0
Siemens 7kg8551-0aa01-0aa0 Firmware	<3.00
Siemens 7kg8551-0aa01-0aa0
Siemens 7kg8551-0aa01-2aa0 Firmware	<3.00
Siemens 7kg8551-0aa01-2aa0
Siemens 7kg8551-0aa02-0aa0 Firmware	<3.00
Siemens 7kg8551-0aa02-0aa0
Siemens 7kg8551-0aa02-2aa0 Firmware	<3.00
Siemens 7kg8551-0aa02-2aa0
Siemens 7kg8551-0aa11-0aa0 Firmware	<3.00
Siemens 7kg8551-0aa11-0aa0
Siemens 7kg8551-0aa11-2aa0 Firmware	<3.00
Siemens 7kg8551-0aa11-2aa0
Siemens 7kg8551-0aa12-0aa0 Firmware	<3.00
Siemens 7kg8551-0aa12-0aa0
Siemens 7kg8551-0aa12-2aa0 Firmware	<3.00
Siemens 7kg8551-0aa12-2aa0
Siemens 7kg8551-0aa31-0aa0 Firmware	<3.00
Siemens 7kg8551-0aa31-0aa0
Siemens 7kg8551-0aa31-2aa0 Firmware	<3.00
Siemens 7kg8551-0aa31-2aa0
Siemens 7kg8551-0aa32-0aa0 Firmware	<3.00
Siemens 7kg8551-0aa32-0aa0
Siemens 7kg8551-0aa32-2aa0 Firmware	<3.00
Siemens 7kg8551-0aa32-2aa0

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf

Frequently Asked Questions

What is the severity of CVE-2022-29876?
CVE-2022-29876 is considered a high-severity vulnerability due to potential unauthorized access to sensitive data.
How do I fix CVE-2022-29876?
To fix CVE-2022-29876, you should upgrade the affected SICAM P850 devices to firmware version 3.00 or later.
What systems are affected by CVE-2022-29876?
CVE-2022-29876 affects all versions of SICAM P850 devices prior to version 3.00.
What type of vulnerability is CVE-2022-29876?
CVE-2022-29876 is a security vulnerability that allows for potential unauthorized access and exploitation of the affected systems.
What should I do if I can't upgrade to fix CVE-2022-29876?
If unable to upgrade, implement additional network security measures and monitoring to mitigate risks associated with CVE-2022-29876.

CVE-2022-29876: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-29876?

How do I fix CVE-2022-29876?

What systems are affected by CVE-2022-29876?

What type of vulnerability is CVE-2022-29876?

What should I do if I can't upgrade to fix CVE-2022-29876?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2022-29876?

How do I fix CVE-2022-29876?

What systems are affected by CVE-2022-29876?

What type of vulnerability is CVE-2022-29876?

What should I do if I can't upgrade to fix CVE-2022-29876?