ID

VAR-202210-0447


CVE

CVE-2022-40226


TITLE

Session fixation vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018811

DESCRIPTION

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. 7kg8500-0aa00-0aa0 firmware, 7kg8500-0aa00-2aa0 firmware, 7kg8500-0aa10-0aa0 Session fixation vulnerabilities exist in multiple Siemens products, including firmware.Information may be obtained and information may be tampered with. Siemens SICAM is a comprehensive substation automation system of Siemens (Siemens) in Germany. Several Siemens products have an access control error vulnerability

Trust: 2.16

sources: NVD: CVE-2022-40226 // JVNDB: JVNDB-2022-018811 // CNVD: CNVD-2022-91618

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-91618

AFFECTED PRODUCTS

vendor:siemensmodel:7kg8500-0aa30-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa31-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa11-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa11-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa31-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa02-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa12-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa10-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa00-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa32-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa01-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8550-0aa30-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa02-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa01-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa10-0aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8551-0aa02-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa12-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8501-0aa32-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa30-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:siemensmodel:7kg8500-0aa00-2aa0scope:ltversion:3.10

Trust: 1.0

vendor:シーメンスmodel:7kg8500-0aa00-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa10-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa11-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa02-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa30-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa12-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa02-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa01-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa10-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa32-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa01-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa30-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa31-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8500-0aa00-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa32-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8550-0aa00-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8550-0aa00-0aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa11-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa31-2aa0scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:7kg8501-0aa12-0aa0scope: - version: -

Trust: 0.8

vendor:siemensmodel:desigo pxm30-1scope:ltversion:v02.20.126.11-41

Trust: 0.6

vendor:siemensmodel:desigo pxm30.escope:ltversion:v02.20.126.11-41

Trust: 0.6

vendor:siemensmodel:desigo pxm40-1scope:ltversion:v02.20.126.11-41

Trust: 0.6

vendor:siemensmodel:desigo pxm40.escope:ltversion:v02.20.126.11-41

Trust: 0.6

vendor:siemensmodel:desigo pxm50-1scope:ltversion:v02.20.126.11-41

Trust: 0.6

vendor:siemensmodel:desigo pxm50.escope:ltversion:v02.20.126.11-41

Trust: 0.6

vendor:siemensmodel:pxg3.w100-1scope:eqversion:v02.20.126.11-37

Trust: 0.6

vendor:siemensmodel:pxg3.w100-2scope:ltversion:v02.20.126.11-41

Trust: 0.6

vendor:siemensmodel:pxg3.w200-1scope:eqversion:v02.20.126.11-37

Trust: 0.6

vendor:siemensmodel:pxg3.w200-2scope:ltversion:v02.20.126.11-41

Trust: 0.6

sources: CNVD: CNVD-2022-91618 // JVNDB: JVNDB-2022-018811 // NVD: CVE-2022-40226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-40226
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2022-40226
value: HIGH

Trust: 1.0

NVD: CVE-2022-40226
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-91618
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202210-501
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-91618
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-40226
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-40226
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-40226
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-91618 // JVNDB: JVNDB-2022-018811 // CNNVD: CNNVD-202210-501 // NVD: CVE-2022-40226 // NVD: CVE-2022-40226

PROBLEMTYPE DATA

problemtype:CWE-384

Trust: 1.0

problemtype:Session immobilization (CWE-384) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018811 // NVD: CVE-2022-40226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-501

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202210-501

PATCH

title:Patch for Access Control Error Vulnerabilities in Multiple Siemens Productsurl:https://www.cnvd.org.cn/patchInfo/show/384501

Trust: 0.6

title:Multiple Siemens Product Authorization Issue Vulnerability Fixing Measuresurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210583

Trust: 0.6

sources: CNVD: CNVD-2022-91618 // CNNVD: CNNVD-202210-501

EXTERNAL IDS

db:NVDid:CVE-2022-40226

Trust: 3.8

db:SIEMENSid:SSA-572005

Trust: 3.0

db:ICS CERTid:ICSA-22-286-09

Trust: 1.4

db:JVNid:JVNVU92214181

Trust: 0.8

db:JVNDBid:JVNDB-2022-018811

Trust: 0.8

db:CNVDid:CNVD-2022-91618

Trust: 0.6

db:AUSCERTid:ESB-2022.5101.3

Trust: 0.6

db:CNNVDid:CNNVD-202210-501

Trust: 0.6

sources: CNVD: CNVD-2022-91618 // JVNDB: JVNDB-2022-018811 // CNNVD: CNNVD-202210-501 // NVD: CVE-2022-40226

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf

Trust: 3.0

url:https://jvn.jp/vu/jvnvu92214181/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-40226

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-09

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-286-09

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-40226/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5101.3

Trust: 0.6

sources: CNVD: CNVD-2022-91618 // JVNDB: JVNDB-2022-018811 // CNNVD: CNNVD-202210-501 // NVD: CVE-2022-40226

CREDITS

Michael Messner of Siemens Energy reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202210-501

SOURCES

db:CNVDid:CNVD-2022-91618
db:JVNDBid:JVNDB-2022-018811
db:CNNVDid:CNNVD-202210-501
db:NVDid:CVE-2022-40226

LAST UPDATE DATE

2024-08-14T12:23:58.798000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-91618date:2022-12-29T00:00:00
db:JVNDBid:JVNDB-2022-018811date:2023-10-23T08:12:00
db:CNNVDid:CNNVD-202210-501date:2022-10-17T00:00:00
db:NVDid:CVE-2022-40226date:2023-06-13T09:15:14.680

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-91618date:2022-12-18T00:00:00
db:JVNDBid:JVNDB-2022-018811date:2023-10-23T00:00:00
db:CNNVDid:CNNVD-202210-501date:2022-10-11T00:00:00
db:NVDid:CVE-2022-40226date:2022-10-11T11:15:10.883