A critical vulnerability has been discovered in the POWER METER SICAM family of devices, specifically in the Q200, P850, and P855 models. These devices are widely used in industrial environments for power monitoring, analysis, and automation. The vulnerability affects all versions of the devices listed below prior to the specified fixed versions:

SICAM P855 (All versions < V3.10)

The vulnerability, assigned the CVE identifier CVE-2022-43439, arises from a lack of proper validation of the Language-parameter in requests made to the web interface on port 443/tcp. This opens a window for an authenticated remote attacker to crash the affected device and cause an automatic reboot, or potentially execute arbitrary code on the device, putting critical infrastructure at risk.

An example request carrying a malformed Language-parameter is shown below:

GET /home?Language=a'a'%3Balert(1)%2F%2F HTTP/1.1
Host: <target-ip>:443
User-Agent: Mozilla/5.
Accept: */*
Authorization: Basic <base64-encoded-username:password>
Connection: close

For security reasons, the specific exploit codes are not provided, but this snippet serves as an example of the type of request that can exploit the vulnerability.

In a successful attack scenario, the attacker would have to obtain valid user credentials to authenticate to the target device. Once logged in, the attacker could send a crafted request with the malicious Language-parameter, causing either a crash followed by an automatic reboot or allowing the execution of arbitrary code.
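Because the weakness is a Language-parameter that is not validated, a defender can flag it in web-server or reverse-proxy logs by percent-decoding the parameter and checking it against a strict language-tag allowlist. The following detector is an added example, not code from the advisory or the device vendor; the log format, the allowlist shape and the sample lines are constructed assumptions.

```python
"""Flag /home requests whose Language parameter is not a plain language tag.
Added example for CVE-2022-43439-style detection; log lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed allowlist shape for a language tag, e.g. "en" or "de-DE"
# (an assumption for this example, not taken from the device firmware).
LANGUAGE_TAG = re.compile(r"^[A-Za-z]{2,3}(?:-[A-Za-z]{2,4})?$")

# Constructed sample access-log lines in common log format; the third line
# carries the malformed Language value shown in the advisory.
SAMPLE_LOG = """\
10.0.0.5 - operator [08/Nov/2022:11:15:00 +0000] "GET /home?Language=en HTTP/1.1" 200 512
10.0.0.5 - operator [08/Nov/2022:11:15:05 +0000] "GET /home?Language=de-DE HTTP/1.1" 200 512
10.0.0.9 - operator [08/Nov/2022:11:16:00 +0000] "GET /home?Language=a'a'%3Balert(1)%2F%2F HTTP/1.1" 500 0
10.0.0.9 - operator [08/Nov/2022:11:16:02 +0000] "GET /status HTTP/1.1" 200 128
"""

REQUEST_LINE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def language_is_valid(raw_value: str) -> bool:
    """True when the percent-decoded Language value is a plain language tag."""
    return LANGUAGE_TAG.match(unquote(raw_value)) is not None


def suspicious_requests(log_text: str) -> list:
    """Return one record per request whose Language parameter fails validation."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        query = urlsplit(m["target"]).query
        # parse_qs percent-decodes values; keep_blank_values so Language= is inspected too
        for value in parse_qs(query, keep_blank_values=True).get("Language", []):
            if not language_is_valid(value):
                hits.append({"src": m["src"], "user": m["user"],
                             "status": m["status"], "language": value})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 5xx status is worth correlating with an unexpected device reboot, since the advisory describes a crash followed by an automatic restart.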

Original References

The issue was initially reported by the affected device manufacturer, who has since released firmware updates to address the vulnerability.

- SICAM Q200 Firmware - V2.70
- SICAM P850 Firmware - V3.10
- SICAM P855 Firmware - V3.10

Mitigation Steps

Affected users are strongly advised to update their devices immediately by installing the firmware versions listed above. Additionally, the following steps can help minimize the risk associated with this vulnerability:

1. Restrict access to the device web interface to trusted networks and limit access to authorized users.

2. Regularly change user credentials and enforce strong password policies.

3. Implement network segmentation to isolate critical infrastructure and minimize the potential impact of successful attacks.

Conclusion

The CVE-2022-43439 vulnerability poses a severe risk to the affected POWER METER SICAM devices, particularly in scenarios where attackers may gain authorized access to the web interface. Device owners are urged to apply the necessary firmware updates promptly and adopt the recommended mitigation strategies to ensure the continued safety and integrity of their power management systems.

Timeline

Published on: 11/08/2022 11:15:00 UTC
Last modified on: 06/13/2023 09:15:00 UTC