CVE-2016-7090

Name of the Vulnerable Software and Affected Versions Siemens SCALANCE M-800 and S615 modules versions prior to 4.02

Description The issue concerns the integrated web server's handling of session cookies in https sessions. Specifically, it does not set the secure flag for the session cookie, making it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Recommendations For versions prior to 4.02, update the firmware to version 4.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.