CVE-2022-40226

Summary

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.

Affected Software

VendorProductVersion RangeStatus
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P850All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM P855All versions < V3.10affected
SiemensSICAM T0 < V3.0affected

Weaknesses

  • CWE-384: CWE-384: Session Fixation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References