November 14, 2022
Severity
High
Analysis Summary
CVE-2022-43398
Siemens SICAM Q100 could allow a remote attacker to hijack a user’s session. The flaw is caused by a lack of session cookie renewal and the acceptance of user-defined session cookies. An attacker could exploit this vulnerability to overwrite the stored session cookie of a user and gain access to another user’s account.
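The two weaknesses named above (no cookie renewal, acceptance of user-defined cookies) can be checked in any session handler with a model like the following. This is an added example, not Siemens code or part of the original advisory; the `SessionStore` class, its flags and the sample cookie value are constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal server-side session table (constructed for illustration)."""

    def __init__(self, accept_client_ids, renew_on_login):
        self.accept_client_ids = accept_client_ids  # weak setting when True
        self.renew_on_login = renew_on_login        # hardened setting when True
        self.sessions = {}  # session id -> username (None until login)

    def _issue(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def begin(self, presented_id=None):
        """Return the session id used for a request carrying presented_id."""
        if presented_id in self.sessions:
            return presented_id
        if presented_id is not None and self.accept_client_ids:
            # Weak: adopt an identifier the server never issued.
            self.sessions[presented_id] = None
            return presented_id
        return self._issue()  # unknown identifiers are discarded

    def login(self, sid, username):
        """Authenticate; return the id the client must use afterwards."""
        if self.renew_on_login:
            # Renewal: the pre-login id stops being valid at authentication.
            self.sessions.pop(sid, None)
            sid = self._issue()
        self.sessions[sid] = username
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid)


def preset_id_survives_login(store, preset_id):
    """True if an id known before login maps to the user after login."""
    sid = store.begin(preset_id)
    store.login(sid, "operator")
    return store.user_for(preset_id) == "operator"


if __name__ == "__main__":
    weak = SessionStore(accept_client_ids=True, renew_on_login=False)
    hardened = SessionStore(accept_client_ids=False, renew_on_login=True)
    print(preset_id_survives_login(weak, "constructed-cookie-value"))
    print(preset_id_survives_login(hardened, "constructed-cookie-value"))
```

Rejecting client-chosen identifiers alone is not sufficient in this model: a server-issued pre-login id still survives authentication unless it is renewed at login.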
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2022-43398
Affected Vendors
- Apache
- Siemens
Affected Products
- Siemens SICAM Q100 (7KG9501-0AA01-2AA1) 2.49
- Siemens SICAM Q100 (7KG9501-0AA31-2AA1) 2.49
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.