Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-CHG2-RQMJ-8F6X
Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2025-12-09 18:30
VLAI?
Details
A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2022-40226"
],
"database_specific": {
"cwe_ids": [
"CWE-384"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-11T11:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user\u0027s session after login.",
"id": "GHSA-chg2-rqmj-8f6x",
"modified": "2025-12-09T18:30:27Z",
"published": "2022-10-11T12:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40226"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-471761.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-572005.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
CVE-2022-40226 (GCVE-0-2022-40226)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2025-12-09 10:44
VLAI?
EPSS
Summary
A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | SICAM P850 |
Affected:
All versions < V3.10
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:22:43.267983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:48:13.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions \u003c V3.10), SICAM T (All versions \u003c V3.0). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user\u0027s session after login."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T10:44:03.679Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-572005.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-471761.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-40226",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2025-12-09T10:44:03.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…