Alexander Van Maele

**Name of the Vulnerable Software and Affected Versions** Siemens SCALANCE M-800 and S615 modules versions prior to 4.02 **Description** The issue concerns the integrated web server's handling of session cookies in https sessions. Specifically, it does not set the secure flag for the session cookie, making it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. **Recommendations** For versions prior to 4.02, update the firmware to version 4.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens SINEMA Remote Connect Server versions prior to 1.2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the integrated web server. This allows remote attackers to inject arbitrary web script or HTML via a crafted URL. **Recommendations** For versions prior to 1.2, update to version 1.2 or later to resolve the issue.