8
CVE-2022-33137
- EPSS 0.33%
- Published 12.07.2022 10:15:10
- Last modified 21.11.2024 07:07:35
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Simatic Mv540 H Firmware Version < 3.3
Siemens ≫ Simatic Mv540 S Firmware Version < 3.3
Siemens ≫ Simatic Mv550 H Firmware Version < 3.3
Siemens ≫ Simatic Mv550 S Firmware Version < 3.3
Siemens ≫ Simatic Mv560 U Firmware Version < 3.3
Siemens ≫ Simatic Mv560 X Firmware Version < 3.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.551 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."