CVE-2022-29874

HIGH

Siemens 7kg8500-0aa00-0aa0 Firmware < 3.00 - Cleartext Transmission

Title source: rule

Description

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.

References (3)

Core 3

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-471761.html

Patch, Vendor Advisory x_refsource_misc

https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-165073.html

Scores

CVSS v3 8.8

EPSS 0.0033

EPSS Percentile 56.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (36)

siemens/7kg8500-0aa00-0aa0_firmware < 3.00

siemens/7kg8500-0aa00-2aa0_firmware < 3.00

siemens/7kg8500-0aa10-0aa0_firmware < 3.00

siemens/7kg8500-0aa10-2aa0_firmware < 3.00

siemens/7kg8500-0aa30-0aa0_firmware < 3.00

siemens/7kg8500-0aa30-2aa0_firmware < 3.00

siemens/7kg8501-0aa01-0aa0_firmware < 3.00

siemens/7kg8501-0aa01-2aa0_firmware < 3.00

siemens/7kg8501-0aa02-0aa0_firmware < 3.00

siemens/7kg8501-0aa02-2aa0_firmware < 3.00

... and 26 more

Published May 20, 2022

Tracked Since Feb 18, 2026