CVE-2022-33137
HIGH 8.0
Description
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.
CVE Details
CVSS v3.1 Score: 8.0
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 7/12/2022
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
siemens:simatic_mv540_h
siemens:simatic_mv540_h_firmware
siemens:simatic_mv540_s
siemens:simatic_mv540_s_firmware
siemens:simatic_mv550_h
siemens:simatic_mv550_h_firmware
siemens:simatic_mv550_s
siemens:simatic_mv550_s_firmware
siemens:simatic_mv560_u
siemens:simatic_mv560_u_firmware
siemens:simatic_mv560_x
siemens:simatic_mv560_x_firmware
Weaknesses (CWE)
CWE-613
References
https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf (productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.