CVE-2023-31238 Information

Description

A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf