Session Cookie Vulnerability in Desigo Products from Siemens
CVE-2022-24045
6.5 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 20 May 2022
Summary
A vulnerability has been identified in Siemens Desigo products, allowing session cookies to be set without security attributes such as 'Secure', 'HttpOnly', or 'SameSite'. This oversight permits the transmission of session cookies via unencrypted HTTP, making it possible for attackers to intercept and capture sensitive data over the network. Implementing secure configurations is essential to prevent unauthorized access and protect critical information.
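As an added example (not part of the original advisory and not Siemens code), the following Python check audits the `Set-Cookie` headers of an HTTP response for the three attributes named above. The sample headers and cookie names are constructed for illustration.

```python
# Added example: flags Set-Cookie headers that lack the attributes named in the summary.
REQUIRED = {"secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}

def parse_set_cookie(value):
    """Return (cookie_name, attrs); attribute names are lower-cased (they are case-insensitive)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(value):
    """List findings for one Set-Cookie header value; an empty list means all three are set."""
    _, attrs = parse_set_cookie(value)
    findings = [f"missing {label}" for key, label in REQUIRED.items() if key not in attrs]
    samesite = attrs.get("samesite", "").lower()
    if "samesite" in attrs and samesite not in ("strict", "lax", "none"):
        findings.append(f"invalid SameSite value {attrs['samesite']!r}")
    if samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also marked Secure.
        findings.append("SameSite=None without Secure")
    return findings

def audit_response(headers):
    """headers: iterable of (name, value) pairs from one HTTP response."""
    report = {}
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie, _ = parse_set_cookie(value)
            report[cookie] = audit_cookie(value)
    return report

# Constructed sample responses (not captured from any Desigo device).
SAMPLE_WEAK = [("Content-Type", "text/html"), ("Set-Cookie", "SESSIONID=abc123; Path=/")]
SAMPLE_HARDENED = [("set-cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict")]
SAMPLE_PARTIAL = [("Set-Cookie", "sid=xyz; httponly; SAMESITE=None")]

if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_HARDENED, SAMPLE_PARTIAL):
        for cookie, findings in audit_response(sample).items():
            print(cookie, "->", findings or "ok")
```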
Affected Version(s)
Desigo DXR2 All versions < V01.21.142.5-22
Desigo PXC3 All versions < V01.21.142.4-18
Desigo PXC4 All versions < V02.20.142.10-10884
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved