As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 5.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SICAM P850 family and SICAM P855 family
- Vulnerabilities: Cross-Site Request Forgery (CSRF), Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- SICAM P850 (7KG8500-0AA00-0AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA02-2AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA11-0AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA11-2AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA12-0AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA12-2AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA31-0AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA31-2AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA32-0AA0): Versions prior to 3.11
- SICAM P850 (7KG8501-0AA32-2AA0): Versions prior to 3.11
- SICAM P855 (7KG8550-0AA00-0AA0): Versions prior to 3.11
- SICAM P850 (7KG8500-0AA00-2AA0): Versions prior to 3.11
- SICAM P855 (7KG8550-0AA00-2AA0): Versions prior to 3.11
- SICAM P855 (7KG8550-0AA10-0AA0): Versions prior to 3.11
- SICAM P855 (7KG8550-0AA10-2AA0): Versions prior to 3.11
- SICAM P855 (7KG8550-0AA30-0AA0): Versions prior to 3.11
- SICAM P855 (7KG8550-0AA30-2AA0)
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.