var-201609-0482
Vulnerability from variot
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. The SCALANCE M series are industrial routers used to secure remote access.
SIEMENS SCALANCE m-800 / S61 module has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information, posing a risk of information leakage. Successful exploits may lead to other attacks. Versions prior to Siemens Scalance M-800 / S615 4.02 are vulnerable. Both Siemens Scalance M-800 and S615 are products of Siemens, Germany. The former is an industrial router and the latter is a firewall
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0482", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance s615", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.01" }, { "model": "scalance m-800", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.01" }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance m-800", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "4.02" }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance s615", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "4.02" }, { "model": "scalance m-800 s615", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "/" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.01" }, { "model": "scalance s615", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.01" }, { "model": "scalance s615", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance s-615", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.02" }, { "model": "scalance m-800", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-07905" }, { "db": "BID", "id": "93115" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "NVD", "id": "CVE-2016-7090" }, { "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-7090" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alexander Van Maele and Tijl Deneut from HOWEST.", "sources": [ { "db": "BID", "id": "93115" }, { "db": "CNNVD", "id": "CNNVD-201609-573" } ], "trust": 0.9 }, "cve": "CVE-2016-7090", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-7090", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CNVD-2016-07905", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-95910", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-7090", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-7090", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-07905", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201609-573", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-95910", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-07905" }, { "db": "VULHUB", "id": "VHN-95910" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "NVD", "id": "CVE-2016-7090" }, { "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. The SCALANCE M series are industrial routers used to secure remote access. \n\nSIEMENS SCALANCE m-800 / S61 module has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information, posing a risk of information leakage. Successful exploits may lead to other attacks. \nVersions prior to Siemens Scalance M-800 / S615 4.02 are vulnerable. Both Siemens Scalance M-800 and S615 are products of Siemens, Germany. The former is an industrial router and the latter is a firewall", "sources": [ { "db": "NVD", "id": "CVE-2016-7090" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "CNVD", "id": "CNVD-2016-07905" }, { "db": "BID", "id": "93115" }, { "db": "VULHUB", "id": "VHN-95910" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-7090", "trust": 3.4 }, { "db": "ICS CERT", "id": "ICSA-16-271-01", "trust": 2.8 }, { "db": "BID", "id": "93115", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-342135", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2016-005051", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201609-573", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2016-07905", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-95910", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-07905" }, { "db": "VULHUB", "id": "VHN-95910" }, { "db": "BID", "id": "93115" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "NVD", "id": "CVE-2016-7090" }, { "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "id": "VAR-201609-0482", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2016-07905" }, { "db": "VULHUB", "id": "VHN-95910" } ], "trust": 1.3377283 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-07905" } ] }, "last_update_date": "2023-12-18T13:44:12.219000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-342135", "trust": 0.8, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-342135.pdf" }, { "title": "Patch for Information disclosure vulnerability in SIEMENS SCALANCE m-800 / S61 module", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/81618" }, { "title": "Siemens Scalance M-800 and S615 Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64295" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-07905" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-95910" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "NVD", "id": "CVE-2016-7090" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-271-01" }, { "trust": 2.0, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-342135.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/93115" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7090" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7090" }, { "trust": 0.3, "url": "http://www.siemens.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-95910" }, { "db": "BID", "id": "93115" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "NVD", "id": "CVE-2016-7090" }, { "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-07905" }, { "db": "VULHUB", "id": "VHN-95910" }, { "db": "BID", "id": "93115" }, { "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "db": "NVD", "id": "CVE-2016-7090" }, { "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-23T00:00:00", "db": "CNVD", "id": "CNVD-2016-07905" }, { "date": "2016-09-29T00:00:00", "db": "VULHUB", "id": "VHN-95910" }, { "date": "2016-09-22T00:00:00", "db": "BID", "id": "93115" }, { "date": "2016-10-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "date": "2016-09-29T10:59:03.893000", "db": "NVD", "id": "CVE-2016-7090" }, { "date": "2016-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-23T00:00:00", "db": "CNVD", "id": "CNVD-2016-07905" }, { "date": "2016-11-28T00:00:00", "db": "VULHUB", "id": "VHN-95910" }, { "date": "2016-09-28T00:02:00", "db": "BID", "id": "93115" }, { "date": "2016-10-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005051" }, { "date": "2016-11-28T20:37:05.437000", "db": "NVD", "id": "CVE-2016-7090" }, { "date": "2016-09-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-573" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-573" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SCALANCE M-800 and S615 Module firmware integration Web Session on server Cookie Vulnerability that is captured", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-005051" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-573" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.