Session Cookie Vulnerability in Desigo Products from Siemens
CVE-2022-24045
6.5 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 20 May 2022
What is CVE-2022-24045?
A vulnerability has been identified in Siemens Desigo products, allowing session cookies to be set without security attributes such as 'Secure', 'HttpOnly', or 'SameSite'. This oversight permits the transmission of session cookies via unencrypted HTTP, making it possible for attackers to intercept and capture sensitive data over the network. Implementing secure configurations is essential to prevent unauthorized access and protect critical information.
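A defender can confirm the condition described above by inspecting the `Set-Cookie` headers a device returns. The following Python check is an added example, not Siemens code or part of the original advisory; the sample headers and cookie names are constructed, and the extra `SameSite=None` without `Secure` finding goes beyond what the advisory lists.

```python
# Added example: audit Set-Cookie headers for the attributes named in CVE-2022-24045.
REQUIRED = ("secure", "httponly", "samesite")

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, {attribute: value}), attribute names lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header_value):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header_value)
    findings = [a for a in REQUIRED if a not in attrs]
    samesite = attrs.get("samesite", "").lower()
    if "samesite" in attrs and samesite not in ("strict", "lax", "none"):
        findings.append("samesite-invalid")
    # Assumption beyond the advisory: browsers reject SameSite=None unless Secure is set.
    if samesite == "none" and "secure" not in attrs:
        findings.append("samesite-none-without-secure")
    return name, findings

def audit_response(raw_headers):
    """Audit every Set-Cookie line in a raw HTTP response header block."""
    report = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name, findings = audit_cookie(value.strip())
            report[name] = findings
    return report

# Constructed sample response headers (not captured from a Desigo device).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSIONID=abc123; Path=/
Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: track=1; Path=/; HttpOnly; SameSite=None
"""

if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE).items():
        print(cookie, "OK" if not findings else "missing/weak: " + ", ".join(findings))
```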
Affected Version(s)
- Desigo DXR2: All versions < V01.21.142.5-22
- Desigo PXC3: All versions < V01.21.142.4-18
- Desigo PXC4: All versions < V02.20.142.10-10884