CVE-2022-29874

Vulnerability

A cleartext transmission vulnerability exists in the web interface of SICAM T devices running versions prior to V3.0. The affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This issue is identified as CVE-2022-29874 and affects all versions of SICAM T before V3.0 [2].

Exploitation

An unauthenticated attacker with network access to the affected device can capture HTTP traffic using standard packet sniffing tools. No authentication or user interaction is required for the attacker to intercept the cleartext communications. The attacker can also actively interfere with device functionality by injecting or manipulating HTTP requests [1][2].

Impact

Successful exploitation allows an attacker to capture sensitive information transmitted between the client and device, including credentials and configuration data. Additionally, the attacker can interfere with the functionality of the device, potentially leading to denial of service, unauthorized access, or manipulation of device operations [2].

Mitigation

Siemens has released version V3.00 to address this vulnerability. Affected users should update to SICAM T V3.00 or later. The update can be obtained from the Siemens Industry Online Support portal. As a workaround, restrict network access to port 80/tcp and 443/tcp to trusted IP addresses only [1][2].