Lucene search

[email protected]NVD:CVE-2023-31238

HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-31238

2023-06-1309:15:18

CWE-732

[email protected]

web.nvd.nist.gov

vulnerability

power meter sicam q100

missing cookie protection

session token impersonation

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

32.7%

JSON

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

Affected configurations

Nvd

Node

siemensq200Match-

AND

siemensq200_firmwareRange<2.70

VendorProductVersionCPE
siemensq200-cpe:2.3:h:siemens:q200:-:*:*:*:*:*:*:*
siemensq200_firmware*cpe:2.3:o:siemens:q200_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	q200	-	cpe:2.3:h:siemens:q200:-:::::::*
siemens	q200_firmware	*	cpe:2.3:o:siemens:q200_firmware::::::::

References

cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf

cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

32.7%

JSON

Related for NVD:CVE-2023-31238

cve1 cvelist1 cnvd1 prion1 nessus1 ics2