Key Information Summary

Vulnerability Details

Advisory ID: SSA-471761
Release Date: 2025-12-09
Last Updated: 2025-12-09
Current Version: V1.0
CVSS Score: Base Score v3.1: 9.9, Base Score v4.0: 9.3

Vulnerability Description

Affected Product: SICAM T (all versions < V3.0)

Vulnerability Types:
- Improper parameter and input validation
- Multiple Cross-Site Scripting (XSS) vulnerabilities
- Cross-Site Request Forgery (CSRF) vulnerability
- Session fixation, authentication and authorization bypass, missing HTTPS protection, missing cookie protection flags

Impact

May lead to remote code execution, denial of service, unauthorized access to web interface functionalities, session hijacking, impersonation of legitimate users, or allowing attackers to perform arbitrary actions on behalf of users.

Mitigation Measures

Upgrade to version V3.0 or higher. For details, refer to: Update Instructions

See the Mitigation Measures section for more detailed recommendations.

General Recommendations

Implement a defense-in-depth strategy, such as deploying firewalls, network segmentation, VPNs, etc. Follow operational guidelines to configure the target environment and protect the IT environment.

Specific CVE List

CVE-2022-29872 ~ CVE-2022-29883
CVE-2022-40195 ~ CVE-2022-40226
CVE-2022-40596 ~ CVE-2022-41665
CVE-2022-43439
CVE-2023-30901 ~ CVE-2023-31238

Contact Information

For additional questions regarding this vulnerability, contact Siemens ProductCERT.