M-800/S615 Web Vulnerability
Exploitation of this vulnerability could allow an attacker in a privileged network position to obtain web session cookies under certain circumstances.
SENSITIVE COOKIE IN HTTPS SESSION WITHOUT “SECURE” ATTRIBUTE
The integrated web server delivers session cookies without the “secure” flag. Browsers that honor the flag send a cookie only over encrypted connections, so setting it would mitigate potential data leakage in case of clear-text transmission.
This vulnerability could be exploited remotely.
Siemens provides firmware version V4.2 for SCALANCE M-800/S615 to mitigate this vulnerability. The firmware version can be obtained here: