cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-31238,https://securityvulnerability.io/vulnerability/CVE-2023-31238,Session Token Vulnerability in Siemens POWER METER SICAM Q200 Family Devices,"A session token vulnerability exists in the Siemens POWER METER SICAM Q200 family of devices. This issue arises due to the absence of cookie protection flags in the default settings. An attacker who successfully gains access to a session token can impersonate legitimate users of the application, potentially compromising security and user data. Users are advised to upgrade to the latest version (V2.70 or higher) to mitigate this vulnerability effectively.",Siemens,POWER METER SICAM Q100,4.8,MEDIUM,0.000859999970998615,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-30901,https://securityvulnerability.io/vulnerability/CVE-2023-30901,Web Interface Vulnerability in POWER METER SICAM Q200 by Siemens,"A vulnerability exists in the web interface of the POWER METER SICAM Q200 family that exposes it to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this weakness by deceiving an authenticated user into clicking a malicious link, which allows the attacker to execute unauthorized commands on the targeted device while appearing to act on behalf of the user. It is crucial for users to apply the necessary updates to version V2.70 or later to mitigate this risk and safeguard their systems.",Siemens,POWER METER SICAM Q100,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2022-43546,https://securityvulnerability.io/vulnerability/CVE-2022-43546,Remote Code Execution Vulnerability in POWER METER SICAM Q200 and P850 Series,"A vulnerability exists in the web interface of POWER METER SICAM Q200 and P850 series devices, stemming from improper validation of the EndTime parameter in requests sent to port 443/tcp. This oversight can be exploited by an authenticated remote attacker, leading to potential device crashes followed by automatic reboots or enabling unauthorized arbitrary code execution.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43439,https://securityvulnerability.io/vulnerability/CVE-2022-43439,Vulnerability in POWER METER SICAM Q200 Family and SICAM P850/P855 Products by Siemens,"A vulnerability exists in the POWER METER SICAM Q200 family and the SICAM P850/P855, affecting versions below specified thresholds. The devices fail to properly validate the Language-parameter in requests made to the web interface over port 443. This oversight allows an authenticated remote attacker to disrupt the device's functioning by causing it to crash, which is followed by an automatic reboot. Additionally, it opens the possibility for arbitrary code execution, posing significant security risks to systems utilizing these meters.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43398,https://securityvulnerability.io/vulnerability/CVE-2022-43398,Session Cookie Vulnerability in POWER METER SICAM Q200 by Siemens,"A vulnerability has been identified in the POWER METER SICAM Q200 family, where the devices fail to renew session cookies after user login/logout events and allow the acceptance of user-defined session cookies. This flaw enables an attacker to overwrite a legitimate user's session cookie, granting unauthorized access to the victim's account once they have logged in. The security implication of this vulnerability reflects a significant risk, as it could permit attackers to manipulate user sessions and potentially compromise sensitive information.",Siemens,Power Meter Sicam Q100,7.5,HIGH,0.002219999907538295,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43545,https://securityvulnerability.io/vulnerability/CVE-2022-43545,Remote Code Execution Vulnerability in POWER METER Products by Siemens,"A vulnerability exists in the POWER METER SICAM Q200 family and SICAM P850/P855 products, where affected devices fail to properly validate the RecordType parameter in requests sent to its web interface via port 443/tcp. This flaw may allow an authenticated remote attacker to crash the device, causing it to reboot, or even execute arbitrary code. Users are urged to upgrade to the latest versions to mitigate potential risks.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2021-44165,https://securityvulnerability.io/vulnerability/CVE-2021-44165,,"A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution.",Siemens,Power Meter Sicam Q100,7.2,HIGH,0.0021800000686198473,false,,false,false,false,,false,false,2021-12-14T12:06:52.000Z,0