
CVE-2022-41665: CWE-141: Improper Neutralization of Parameter/Argument Delimiters in Siemens SICAM P850

Severity: Medium
Published: Tue Oct 11 2022 (10/11/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Siemens
Product: SICAM P850

Description

A vulnerability has been identified in SICAM P850 (All versions < V3.10) and SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

AI-Powered Analysis

Last updated: 06/20/2025, 11:50:24 UTC

Technical Analysis

CVE-2022-41665 is a vulnerability affecting Siemens SICAM P850 and P855 devices running all versions prior to V3.10. The root cause is improper neutralization of parameter or argument delimiters (CWE-141) in the handling of a specific HTTP GET request parameter. This flaw allows an unauthenticated attacker to manipulate the input parameters sent to the device without proper validation or sanitization. Consequently, the attacker can exploit this to either cause a denial of service (DoS) by setting the device into an unusable state or potentially control the program counter, enabling arbitrary code execution on the device. The vulnerability arises from the device's failure to properly parse and neutralize special characters or delimiters within the GET request parameters, which can lead to injection or memory corruption issues. Since the attack vector requires no authentication and can be triggered remotely via network access to the device's management interface, the attack surface is significant. Siemens SICAM P850 and P855 are industrial control system (ICS) devices commonly used in power distribution and automation environments, making this vulnerability particularly critical in operational technology (OT) contexts. No public exploits or active exploitation have been reported to date, but the potential impact on critical infrastructure is substantial. The vulnerability was published on October 11, 2022, and Siemens has released version 3.10 as a fixed version, though no direct patch links were provided in the source information.

Potential Impact

For European organizations, especially those operating in critical infrastructure sectors such as energy, utilities, and industrial automation, this vulnerability poses a significant risk. Exploitation could lead to denial of service conditions, disrupting power distribution or automation processes, which may cause operational downtime, safety hazards, and financial losses. More severely, if arbitrary code execution is achieved, attackers could gain persistent control over the device, potentially manipulating operational parameters or causing physical damage. Given the widespread deployment of Siemens SICAM P850/P855 devices across European power grids and industrial facilities, the impact could cascade, affecting national grid stability and critical services. The unauthenticated nature of the vulnerability increases the risk of remote exploitation by threat actors, including nation-state adversaries or cybercriminal groups targeting European infrastructure. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as the vulnerability is publicly known and could be weaponized. The medium severity rating reflects the balance between the complexity of exploitation and the criticality of affected systems.

Mitigation Recommendations

1. Immediate upgrade to Siemens SICAM P850/P855 firmware version 3.10 or later, which addresses this vulnerability.
2. Restrict network access to the management interfaces of SICAM devices using network segmentation and firewall rules, allowing only trusted and authenticated users or systems to communicate with these devices.
3. Implement strict input validation and anomaly detection on network traffic to identify and block malformed or suspicious GET requests targeting SICAM devices.
4. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics tuned to detect exploitation attempts related to CWE-141 or Siemens SICAM-specific attacks.
5. Conduct regular security audits and vulnerability assessments on OT networks to identify outdated firmware versions and unauthorized access paths.
6. Coordinate with Siemens support and OT security teams to monitor for any emerging exploit reports or patches.
7. Develop and test incident response plans specifically for OT environments to quickly isolate and remediate affected devices in case of exploitation.

These measures go beyond generic advice by focusing on OT-specific network controls, firmware management, and proactive detection tailored to Siemens SICAM devices.


Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2022-09-27T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d984bc4522896dcbf81a0

Added to database: 5/21/2025, 9:09:31 AM

Last enriched: 6/20/2025, 11:50:24 AM

Last updated: 8/4/2025, 2:25:11 PM
