CVE Published: 13/06/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: siemens |
Vendor: Siemens |
Product: POWER METER SICAM Q100 Status : PUBLISHED
CVE-2023-31238 Description
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.
Metrics
CVSS Version: 3.1 |
Base Score: 5.5 MEDIUM Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C