var-202207-0711
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Siemens' SICAM A8000 CP-8000 firmware, SICAM A8000 CP-8021 firmware, SICAM A8000 CP-8022 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0711",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8022",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8021",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o -25/+70\u00b0c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8000 master module with i/o -40/+70\u00b0c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner from Siemens Energy reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
},
"cve": "CVE-2022-29884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-29884",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51638",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29884",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-29884",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29884",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29884",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-51638",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-941",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-29884",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8021 MASTER MODULE (All versions \u003c CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Siemens\u0027 SICAM A8000 CP-8000 firmware, SICAM A8000 CP-8021 firmware, SICAM A8000 CP-8022 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29884",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-491621",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-195-14",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU97764115",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51638",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071329",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-29884",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"id": "VAR-202207-0711",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
}
],
"trust": 1.3974026
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
}
]
},
"last_update_date": "2024-08-14T13:42:36.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM A8000 CPC80 Exists Unknown Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339931"
},
{
"title": "Siemens SICAM A8000 CP-8000 Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.0
},
{
"problemtype": "Lack of resource release after valid lifetime (CWE-772) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97764115/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29884"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-14"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-491621.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29884/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071329"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/772.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-14"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"date": "2023-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"date": "2022-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"date": "2022-07-12T10:15:10.547000",
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"date": "2022-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"date": "2023-09-06T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"date": "2022-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"date": "2022-07-19T18:18:45.773000",
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of Freeing Resources After Valid Lifetime Vulnerability in Multiple Siemens Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.