CVE-2016-7090
Summary
| CVE | CVE-2016-7090 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-09-29 10:59:00 UTC |
| Updated | 2016-11-28 20:37:00 UTC |
| Description | The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Siemens | Scalance M-800 | - | All | All | All |
| Operating System | Siemens | Scalance M-800 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance S615 | - | All | All | All |
| Operating System | Siemens | Scalance S615 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Siemens Scalance M-800 / S615 CVE-2016-7090 Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| Siemens | CONFIRM | www.siemens.com | Vendor Advisory |
| Siemens SCALANCE M-800/S615 Web Vulnerability \| ICS-CERT | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.