Lucene search

K
cve[email protected]CVE-2022-43398
HistoryNov 08, 2022 - 11:15 a.m.

CVE-2022-43398

2022-11-0811:15:11
CWE-384
web.nvd.nist.gov
42
4
cve-2022-43398
vulnerability
power meter
sicam q200
session cookie
user account

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user’s account through the activated session.

Affected configurations

NVD
Node
siemens7kg9501-0aa01-2aa1Match-
AND
siemens7kg9501-0aa01-2aa1_firmwareRange<2.50
Node
siemens7kg9501-0aa31-2aa1Match-
AND
siemens7kg9501-0aa31-2aa1_firmwareRange<2.50

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.50",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.50",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.50",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.50",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Social References

More

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

Related for CVE-2022-43398