Lucene search

K
cve[email protected]CVE-2023-31238
HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-31238

2023-06-1309:15:18
CWE-732
web.nvd.nist.gov
24
cve-2023-31238
vulnerability
security
session token
impersonation
power meter sicam q200
nvd

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

Affected configurations

NVD
Node
siemensq200Match-
AND
siemensq200_firmwareRange<2.70

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "POWER METER SICAM Q100",
    "versions": [
      {
        "version": "All versions < V2.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

Related for CVE-2023-31238