Lucene search

SiemensCVELIST:CVE-2023-31238

HistoryJun 13, 2023 - 8:17 a.m.

CVE-2023-31238

2023-06-1308:17:13

CWE-732

siemens

www.cve.org

vulnerability

power meter sicam q100

session token hijacking

default settings

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

32.7%

JSON

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf

cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf