CVE-2023-31238

Name of the Vulnerable Software and Affected Versions POWER METER SICAM Q100 versions prior to V2.60 Siemens SICAM Q200 (affected versions not specified)

Description A vulnerability has been identified where affected devices are missing cookie protection flags when using the default settings. This allows an attacker who gains access to a session token to impersonate a legitimate application user. Additionally, there is an issue related to incorrect permission assignment for a critical resource in Siemens SICAM Q200, which can allow a remote attacker to elevate their privileges.

Recommendations For POWER METER SICAM Q100 versions prior to V2.60, update to version V2.60 or later to resolve the issue. For Siemens SICAM Q200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.