var-202306-0890
Vulnerability from variot
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. Siemens' q200 A cross-site request forgery vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM Q200 is a multifunctional device for detection, reporting and analysis of measured values and events
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-0890",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "q200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "q200",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "q200 firmware 2.70"
},
{
"model": "q200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "q200",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam q200",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2.70"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:q200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:q200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"cve": "CVE-2023-30901",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-48551",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-30901",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-30901",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2023-30901",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2023-48551",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-877",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-877"
},
{
"db": "NVD",
"id": "CVE-2023-30901"
},
{
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60), POWER METER SICAM Q100 (All versions \u003c V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. Siemens\u0027 q200 A cross-site request forgery vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM Q200 is a multifunctional device for detection, reporting and analysis of measured values \u200b\u200band events",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-30901"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"db": "VULMON",
"id": "CVE-2023-30901"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-30901",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-887249",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-480095",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-03",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-348-12",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98271228",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009051",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-48551",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-877",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-30901",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"db": "VULMON",
"id": "CVE-2023-30901"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-877"
},
{
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"id": "VAR-202306-0890",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
}
]
},
"last_update_date": "2024-01-17T17:56:26.970000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM Q200 cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/433486"
},
{
"title": "Siemens POWER METER SICAM Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=243026"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-877"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480095.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98271228/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30901"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-03"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-12"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-30901/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"db": "VULMON",
"id": "CVE-2023-30901"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-877"
},
{
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"db": "VULMON",
"id": "CVE-2023-30901"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-877"
},
{
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-30901"
},
{
"date": "2023-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"date": "2023-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-877"
},
{
"date": "2023-06-13T09:15:17.763000",
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-48551"
},
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-30901"
},
{
"date": "2023-12-21T06:27:00",
"db": "JVNDB",
"id": "JVNDB-2023-009051"
},
{
"date": "2023-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-877"
},
{
"date": "2024-01-09T10:15:15.077000",
"db": "NVD",
"id": "CVE-2023-30901"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-877"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0q200\u00a0 Cross-site request forgery vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009051"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-877"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.