CVE-2022-33137

EUVD-2022-36188

12.07.2022, 10:15

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Affected Products (NVD)

Vendor	Product	Version
siemens	simatic_mv540_h_firmware	𝑥 < 3.3
siemens	simatic_mv540_s_firmware	𝑥 < 3.3
siemens	simatic_mv550_h_firmware	𝑥 < 3.3
siemens	simatic_mv550_s_firmware	𝑥 < 3.3
siemens	simatic_mv560_u_firmware	𝑥 < 3.3
siemens	simatic_mv560_x_firmware	𝑥 < 3.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-613 - Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References

https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf