Session Token Vulnerability in Siemens POWER METER SICAM Q200 Family Devices
CVE-2023-31238

5.5MEDIUM

Key Information:

Vendor

Siemens
Status
Sicam P850
Sicam P855
Sicam T
Vendor
CVE Published:
13 June 2023

What is CVE-2023-31238?

A session token vulnerability exists in the Siemens POWER METER SICAM Q200 family of devices. This issue arises due to the absence of cookie protection flags in the default settings. An attacker who successfully gains access to a session token can impersonate legitimate users of the application, potentially compromising security and user data. Users are advised to upgrade to the latest version (V2.70 or higher) to mitigate this vulnerability effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SICAM P850 0

SICAM P850 0

SICAM P850 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-88724...
https://cert-portal.siemens.com/productcert/pdf/ssa-48009...
https://cert-portal.siemens.com/productcert/html/ssa-8872...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.