Lucene search

PRIOn knowledge basePRION:CVE-2023-31238

HistoryJun 13, 2023 - 9:15 a.m.

Design/Logic Flaw

2023-06-1309:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

power meter

sicam q100

default settings

session token

impersonation

nvd

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

CPENameOperatorVersion
q200_firmwarelt2.70

CPE	Name	Operator	Version
	q200_firmware	lt	2.70

References

cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf

cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf