CVE-2022-43439 | A vulnerability has been identified in POWER METER SICAM Q10… | CVSS 9.9 CRITICAL

Description

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions < V2.50), SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

Metadata

CVE ID: CVE-2022-43439
State: PUBLISHED
Assigner: siemens
Reserved: 2022-10-19 00:00 UTC
Published: 2022-11-08 00:00 UTC
Last updated: 2025-12-09 10:44 UTC
Primary CWE: CWE-20
CWE-20: Improper Input Validation
Vendor / Product: Siemens / POWER METER SICAM Q100
Sources: cve.org · NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected products (41)

Vendor	Product	Platform	Versions
Siemens	POWER METER SICAM Q100	—	0 < V2.50
Siemens	POWER METER SICAM Q100	—	0 < V2.50
Siemens	POWER METER SICAM Q100	—	0 < V2.50
Siemens	POWER METER SICAM Q100	—	0 < V2.50
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P850	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM P855	—	All versions < V3.10
Siemens	SICAM T	—	0 < V3.0

Weakness (CWE)

CWE	Source	Description
CWE-20	cna	CWE-20: Improper Input Validation

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.9	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

References (7)