CVE-2022-29880

MEDIUM

Siemens 7kg8500-0aa00-0aa0 Firmware < 3.00 - XSS

Title source: rule
STIX 2.1

Description

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views.

References (3)

Core 3

Scores

CVSS v3 6.5
EPSS 0.0038
EPSS Percentile 59.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Details

CWE
CWE-79
Status published
Products (36)
siemens/7kg8500-0aa00-0aa0_firmware < 3.00
siemens/7kg8500-0aa00-2aa0_firmware < 3.00
siemens/7kg8500-0aa10-0aa0_firmware < 3.00
siemens/7kg8500-0aa10-2aa0_firmware < 3.00
siemens/7kg8500-0aa30-0aa0_firmware < 3.00
siemens/7kg8500-0aa30-2aa0_firmware < 3.00
siemens/7kg8501-0aa01-0aa0_firmware < 3.00
siemens/7kg8501-0aa01-2aa0_firmware < 3.00
siemens/7kg8501-0aa02-0aa0_firmware < 3.00
siemens/7kg8501-0aa02-2aa0_firmware < 3.00
... and 26 more
Published May 20, 2022
Tracked Since Feb 18, 2026