Description
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
- Vendor Advisory
- Third Party Advisory, US Government Resource
- Vendor Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1: version up to 4.01 (inclusive)
In combination
cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*
Configuration 2: version up to 4.01 (inclusive)
In combination
cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*
EPSS: 0.00671 (Low), percentile: 71%
CVSS3: 4 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 4
github
more than 3 years ago
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.