Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
会话固定
Vulnerability Title
Siemens Power Meter Sicam Q100 授权问题漏洞
Vulnerability Description
Siemens Power Meter Sicam Q100是德国西门子(Siemens)公司的一款电能质量记录仪。用于交流电流、交流电压、频率、功率、谐波等电气测量变量的采集、可视化、评估和传输。 Siemens Power Meter Sicam Q100 V2.50之前版本存在授权问题漏洞,该漏洞源于受影响的设备在登录/注销后不会更新会话 cookie,并且还接受用户定义的会话 cookie,攻击者利用该漏洞可以覆盖用户存储的会话 cookie,受害者登录后,攻击者可以通过激活的会话访问用户的帐户。
CVSS Information
N/A
Vulnerability Type
N/A