Session Token Vulnerability in Siemens POWER METER SICAM Q200 Family Devices
CVE-2023-31238

4.8MEDIUM

Key Information:

Vendor
Siemens
Status
POWER METER SICAM Q100
Vendor
CVE Published:
13 June 2023

Summary

A session token vulnerability exists in the Siemens POWER METER SICAM Q200 family of devices. This issue arises due to the absence of cookie protection flags in the default settings. An attacker who successfully gains access to a session token can impersonate legitimate users of the application, potentially compromising security and user data. Users are advised to upgrade to the latest version (V2.70 or higher) to mitigate this vulnerability effectively.

Affected Version(s)

POWER METER SICAM Q100 All versions < V2.60

POWER METER SICAM Q100 All versions < V2.60

References

https://cert-portal.siemens.com/productcert/pdf/ssa-88724...
https://cert-portal.siemens.com/productcert/pdf/ssa-48009...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.