CVE-2022-33137
CVSS score: 8.0
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD
Description
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 3.3 |

| Running on/with | Platform Versions |
|---|---|
| Siemens Simatic Mv540 H | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 3.3 |

| Running on/with | Platform Versions |
|---|---|
| Siemens Simatic Mv540 S | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 3.3 |

| Running on/with | Platform Versions |
|---|---|
| Siemens Simatic Mv550 H | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 3.3 |

| Running on/with | Platform Versions |
|---|---|
| Siemens Simatic Mv550 S | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 3.3 |

| Running on/with | Platform Versions |
|---|---|
| Siemens Simatic Mv560 U | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 3.3 |

| Running on/with | Platform Versions |
|---|---|
| Siemens Simatic Mv560 X | All versions |
References (2)
Source: productcert@siemens.com
Patch, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory