CVE-2022-43398

Name of the Vulnerable Software and Affected Versions POWER METER SICAM Q100 versions prior to V2.50

Description A vulnerability has been identified where affected devices do not renew the session cookie after login/logout and also accept user-defined session cookies. An attacker could overwrite the stored session cookie of a user, gaining access to the user's account through the activated session after the victim logs in.

Recommendations For versions prior to V2.50, update to version V2.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the session cookie management functionality until a patch is available. Avoid using user-defined session cookies in the affected devices until the issue is resolved.