Session Cookie Vulnerability in SICAM P850 and P855 Products by Siemens
CVE-2022-40226
7.5 HIGH
What is CVE-2022-40226?
A vulnerability has been identified in the SICAM P850 and P855 products from Siemens, where affected devices accept user-defined session cookies without renewing them after login or logout. This design flaw allows potential attackers to hijack user sessions, leading to unauthorized access to sensitive information or functionalities within these systems. It is imperative for users of these products to take immediate steps to update to the latest versions to mitigate the risk of session hijacking.
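The behaviour described above is commonly called session fixation. The following added example (not Siemens code and not part of the original page) models a server-side session table in Python, with the flawed handling beside the hardened one; the class, its method names and the sample cookie value are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Minimal server-side session table (hypothetical, for illustration)."""

    def __init__(self, renew_ids):
        self.renew_ids = renew_ids   # False = flawed behaviour, True = hardened
        self.sessions = {}           # session id -> authenticated user or None

    def visit(self, cookie=None):
        """Handle an unauthenticated request; return the session id to use."""
        if cookie in self.sessions:
            return cookie
        if cookie is not None and not self.renew_ids:
            # Flaw: an id chosen by the client is adopted as-is.
            self.sessions[cookie] = None
            return cookie
        sid = secrets.token_urlsafe(32)   # server-generated, unpredictable
        self.sessions[sid] = None
        return sid

    def login(self, cookie, user):
        """Authenticate; return the session id that is valid after login."""
        sid = self.visit(cookie)
        if self.renew_ids:
            del self.sessions[sid]        # the pre-login id stops working
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def logout(self, cookie):
        if self.renew_ids:
            self.sessions.pop(cookie, None)   # id is destroyed
        elif cookie in self.sessions:
            self.sessions[cookie] = None      # flaw: id survives logout

    def whoami(self, cookie):
        return self.sessions.get(cookie)


def id_known_before_login_is_authenticated(store):
    """Regression check: does an id fixed before login map to the user after?"""
    planted = "constructed-fixed-id"          # constructed sample value
    store.login(planted, "operator")
    return store.whoami(planted) == "operator"
```

The check returns True for `SessionStore(renew_ids=False)` and False for `SessionStore(renew_ids=True)`, which is the property to verify after applying a fix.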
Affected Version(s)
SICAM P850 All versions < V3.10