CVE-2022-29880
Description
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2022-29880: Stored XSS in SICAM T configuration interface allows authenticated attackers to impersonate logged-in users.
Vulnerability
The vulnerability CVE-2022-29880 affects SICAM T (all versions before V3.0). The configuration interface does not properly validate input, allowing an authenticated attacker to inject persistent cross-site scripting (XSS) payloads. This affects the web interface of the device. [1][2]
Exploitation
An attacker must be authenticated to the device. They can then inject malicious script code into the configuration interface input fields, which is persistently stored. When another logged-in user accesses the affected views, the stored script executes in the user's browser context. The attacker does not require additional network access beyond the authenticated session. [1][2]
Impact
Successful exploitation allows the attacker to perform arbitrary actions in the browser context of a victim user who visits the affected views. This can lead to session hijacking, unauthorized configuration changes, data theft, or other actions as the victim user. The impact is limited to the privileges of the victim user. [1][2]
Mitigation
Siemens has released SICAM T V3.0, which fixes this vulnerability. Users should update to version V3.0 or later. As a workaround, restrict access to the web interface (port 443/tcp) to trusted IP addresses only, and instruct users not to follow links from untrusted sources while logged in. [1][2]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <3.0
- Siemens/SICAM T, v5, Range: 0
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.