CVE-2022-43398

HIGH 7.5

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session.

CWE	CWE-384
Vendor	siemens
Product	power meter sicam q100
Ecosystems	ICS/SCADA
Industries	IndustrialManufacturing
Published	Nov 8, 2022
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for siemens power meter sicam q100

Be the first to know when new high vulnerabilities affecting siemens power meter sicam q100 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Siemens / POWER METER SICAM Q100

All versions < V2.50

Siemens / POWER METER SICAM Q100

All versions < V2.50

Siemens / POWER METER SICAM Q100

All versions < V2.50

Siemens / POWER METER SICAM Q100

All versions < V2.50

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf