Session Token Vulnerability in Siemens POWER METER SICAM Q200 Family Devices
CVE-2023-31238

5.5MEDIUM

Key Information:

Vendor: Siemens
Status: Power Meter Sicam Q100
Vendor: CVE Published:; 13 June 2023

What is CVE-2023-31238?

A session token vulnerability exists in the Siemens POWER METER SICAM Q200 family of devices. This issue arises due to the absence of cookie protection flags in the default settings. An attacker who successfully gains access to a session token can impersonate legitimate users of the application, potentially compromising security and user data. Users are advised to upgrade to the latest version (V2.70 or higher) to mitigate this vulnerability effectively.

Affected Version(s)

POWER METER SICAM Q100 All versions < V2.60

References

https://cert-portal.siemens.com/productcert/pdf/ssa-88724...

https://cert-portal.siemens.com/productcert/pdf/ssa-48009...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Apr 26, 2023