Lucene search

K
nvd[email protected]NVD:CVE-2023-30901
HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-30901

2023-06-1309:15:17
CWE-352
web.nvd.nist.gov
3
vulnerability
power meter sicam q100
cross-site request forgery

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

44.2%

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

Affected configurations

Nvd
Node
siemensq200Match-
AND
siemensq200_firmwareRange<2.70
VendorProductVersionCPE
siemensq200-cpe:2.3:h:siemens:q200:-:*:*:*:*:*:*:*
siemensq200_firmware*cpe:2.3:o:siemens:q200_firmware:*:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

44.2%

Related for NVD:CVE-2023-30901