Siemens SCALANCE M-800 Web Vulnerability

Siemens SCALANCE M-800/S615 Web Vulnerability

CVE-2016-7090

Exploitation of this vulnerability could allow an attacker in a privileged network position to obtain web session cookies under certain circumstances.

SENSITIVE COOKIE IN HTTPS SESSION WITHOUT “SECURE” ATTRIBUTE

The integrated web server delivers session cookies without the “secure” flag. Browsers that honor the flag send the cookie only over encrypted (HTTPS) connections, which would mitigate potential data leakage in case of clear text transmission.

EXPLOITABILITY

This vulnerability could be exploited remotely.

MITIGATION

Siemens provides firmware version V4.2 for SCALANCE M-800/S615 to mitigate this vulnerability. The firmware version can be obtained here:

https://support.industry.siemens.com/cs/ww/en/view/109740858