CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-33137

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.2%

CVSS Severity

CVSS v3 Score 8.0

CVSS v2 Score 6.0

References

Products affected by CVE-2022-33137

Siemens » Simatic Mv540 H » Version: N/A

cpe:2.3:h:siemens:simatic_mv540_h:-
Siemens » Simatic Mv540 S » Version: N/A

cpe:2.3:h:siemens:simatic_mv540_s:-
Siemens » Simatic Mv550 H » Version: N/A

cpe:2.3:h:siemens:simatic_mv550_h:-
Siemens » Simatic Mv550 S » Version: N/A

cpe:2.3:h:siemens:simatic_mv550_s:-
Siemens » Simatic Mv560 U » Version: N/A

cpe:2.3:h:siemens:simatic_mv560_u:-
Siemens » Simatic Mv560 X » Version: N/A

cpe:2.3:h:siemens:simatic_mv560_x:-
Siemens » Simatic Mv540 H Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv540_h_firmware:*
Siemens » Simatic Mv540 S Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv540_s_firmware:*
Siemens » Simatic Mv550 H Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv550_h_firmware:*
Siemens » Simatic Mv550 S Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv550_s_firmware:*
Siemens » Simatic Mv560 U Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv560_u_firmware:*
Siemens » Simatic Mv560 X Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv560_x_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-33137

Products

Pricing

Contact Us