CVE-2022-40226

11.10.2022, 11:15

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
siemens	CNA	7.5 HIGH				CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
siemens	7kg8500-0aa00-0aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa00-2aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa10-0aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa10-2aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa30-0aa0_firmware	𝑥 < 3.10
siemens	7kg8500-0aa30-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa01-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa01-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa02-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa02-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa11-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa11-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa12-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa12-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa31-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa31-2aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa32-0aa0_firmware	𝑥 < 3.10
siemens	7kg8501-0aa32-2aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa00-0aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa00-2aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa10-0aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa10-2aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa30-0aa0_firmware	𝑥 < 3.10
siemens	7kg8550-0aa30-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa01-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa01-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa02-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa02-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa11-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa11-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa12-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa12-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa31-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa31-2aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa32-0aa0_firmware	𝑥 < 3.10
siemens	7kg8551-0aa32-2aa0_firmware	𝑥 < 3.10

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-384 - Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

https://cert-portal.siemens.com/productcert/html/ssa-471761.html

https://cert-portal.siemens.com/productcert/html/ssa-572005.html

https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf