Vulnerability Description
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance M-800 Firmware | <= 4.01 |
| Siemens | Scalance M-800 | - |
| Siemens | Scalance S615 Firmware | <= 4.01 |
| Siemens | Scalance S615 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93115
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-342135.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-271-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/93115
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-342135.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-271-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-7090?
CVE-2016-7090 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote...
How severe is CVE-2016-7090?
CVE-2016-7090 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7090?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance M-800 Firmware, Siemens Scalance M-800, Siemens Scalance S615 Firmware, Siemens Scalance S615.