Session Cookie Vulnerability in Siemens SCALANCE Modules
CVE-2016-7090
4 MEDIUM
What is CVE-2016-7090?
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware versions earlier than 4.02 does not set the 'secure' flag on session cookies issued during HTTPS connections. Without that flag, the browser also sends the cookie over plain HTTP requests to the same host, so a remote attacker who can intercept traffic within an HTTP session can potentially capture it. A captured session cookie can then be used for unauthorized access, putting sensitive data and system integrity at risk.
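The check below is an added example, not code from Siemens or from this page: it parses Set-Cookie header values captured from an HTTPS response and reports the cookies that lack the Secure attribute. The cookie names and header values are constructed samples, and the function names are hypothetical.

```python
"""Audit Set-Cookie headers from an HTTPS response for a missing Secure flag."""
from dataclasses import dataclass


@dataclass
class CookieFinding:
    name: str
    secure: bool
    httponly: bool


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie value (RFC 6265 form: name=value; attr; attr=val)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    # Attribute names are case-insensitive. Only attribute *names* are
    # collected, so a cookie value or a Path that contains the word
    # "secure" is not mistaken for the flag (a plain substring search would be).
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return CookieFinding(name.strip(), "secure" in attrs, "httponly" in attrs)


def cookies_missing_secure(set_cookie_headers: list[str]) -> list[str]:
    """Return the names of cookies set without the Secure attribute."""
    findings = map(parse_set_cookie, set_cookie_headers)
    return [f.name for f in findings if not f.secure]


# Constructed sample: Set-Cookie values as they might appear in one HTTPS response.
SAMPLE_HEADERS = [
    "SESSIONID=3f9a; Path=/; HttpOnly",      # session cookie, no Secure flag
    "lang=en; Path=/secure; HttpOnly",       # "secure" only appears in the path
    "csrf=secure; SameSite=Strict",          # "secure" only appears as the value
    "auth=77aa; Path=/; SECURE; HttpOnly",   # flag present, different case
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {cookie_name!r} is sent over HTTPS without the Secure flag")
```
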