var-202211-0376
Vulnerability from variot
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session. Siemens' 7KG9501-0AA01-2AA1 firmware and 7KG9501-0AA31-2AA1 A session fixation vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The POWER METER SICAM Q100 is a multifunctional device for detecting, reporting and analyzing measured values and events
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-0376",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "power meter sicam q100",
"scope": "lt",
"trust": 1.2,
"vendor": "siemens",
"version": "2.50"
},
{
"model": "7kg9501-0aa31-2aa1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.50"
},
{
"model": "7kg9501-0aa01-2aa1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.50"
},
{
"model": "7kg9501-0aa31-2aa1",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "7kg9501-0aa01-2aa1",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:7kg9501-0aa01-2aa1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:7kg9501-0aa01-2aa1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:7kg9501-0aa31-2aa1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:7kg9501-0aa31-2aa1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"cve": "CVE-2022-43398",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2022-75541",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-43398",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-43398",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2022-43398",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-75541",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-2312",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2312"
},
{
"db": "NVD",
"id": "CVE-2022-43398"
},
{
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50), POWER METER SICAM Q100 (All versions \u003c V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user\u0027s account through the activated session. Siemens\u0027 7KG9501-0AA01-2AA1 firmware and 7KG9501-0AA31-2AA1 A session fixation vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The POWER METER SICAM Q100 is a multifunctional device for detecting, reporting and analyzing measured values and events",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43398"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"db": "CNVD",
"id": "CNVD-2022-75541"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-43398",
"trust": 3.8
},
{
"db": "SIEMENS",
"id": "SSA-570294",
"trust": 3.0
},
{
"db": "SIEMENS",
"id": "SSA-887249",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-22-314-11",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93762879",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020517",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-75541",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2312",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2312"
},
{
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"id": "VAR-202211-0376",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
}
]
},
"last_update_date": "2024-01-17T18:01:05.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens POWER METER SICAM Q100 session fixed vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/360351"
},
{
"title": "Siemens Power Meter Sicam Q100 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213742"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2312"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.0
},
{
"problemtype": "Session immobilization (CWE-384) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93762879/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43398"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-11"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-03"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-570294.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-43398/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2312"
},
{
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2312"
},
{
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"date": "2023-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"date": "2022-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2312"
},
{
"date": "2022-11-08T11:15:11.940000",
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-75541"
},
{
"date": "2023-11-02T08:03:00",
"db": "JVNDB",
"id": "JVNDB-2022-020517"
},
{
"date": "2023-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2312"
},
{
"date": "2024-01-09T10:15:14.363000",
"db": "NVD",
"id": "CVE-2022-43398"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2312"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a07KG9501-0AA01-2AA1\u00a0 firmware and \u00a07KG9501-0AA31-2AA1\u00a0 Session fixation vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-020517"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2312"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.