Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.
CVSS Information
N/A
Vulnerability Type
HTTPS会话中未设置’Secure’属性的敏感Cookie
Vulnerability Title
多款Siemens产品安全漏洞
Vulnerability Description
Siemens Desigo DXR2等都是德国西门子(Siemens)公司的一个楼宇自动化和控制产品。 Siemens Desigo PXC和 DXR 存在安全漏洞,未经授权的远程攻击者可访问系统上的敏感信息。以下产品及版本受到影响:Desigo DXR2 01.21.142.5-22之前版本,Desigo PXC3 01.21.142.4-1之前版本,Desigo PXC4 02.20.142.10-10884之前版本,Desigo PXC5 02.20.142.10-10884之前版本。
CVSS Information
N/A
Vulnerability Type
N/A