CVE-2022-24045 — MEDIUM (6.5)

Q: How severe is CVE-2022-24045?

CVE-2022-24045 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-24045?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Desigo Dxr2 Firmware, Siemens Desigo Dxr2, Siemens Desigo Pxc3 Firmware, Siemens Desigo Pxc3, Siemens Desigo Pxc4 Firmware.

Vulnerability Description

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Desigo Dxr2 Firmware	< 01.21.142.5-22
Siemens	Desigo Dxr2	-
Siemens	Desigo Pxc3 Firmware	< 01.21.142.4-18
Siemens	Desigo Pxc3	-
Siemens	Desigo Pxc4 Firmware	< 02.20.142.10-10884
Siemens	Desigo Pxc4	-
Siemens	Desigo Pxc5 Firmware	< 02.20.142.10-10884
Siemens	Desigo Pxc5	-

Related Weaknesses (CWE)

CWE-614 CWE-311

References

https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfVendor Advisory

FAQ

What is CVE-2022-24045?

CVE-2022-24045 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All ve...

How severe is CVE-2022-24045?

CVE-2022-24045 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-24045?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Desigo Dxr2 Firmware, Siemens Desigo Dxr2, Siemens Desigo Pxc3 Firmware, Siemens Desigo Pxc3, Siemens Desigo Pxc4 Firmware.