{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T06:01:59.930","vulnerabilities":[{"cve":{"id":"CVE-2022-43398","sourceIdentifier":"productcert@siemens.com","published":"2022-11-08T11:15:11.940","lastModified":"2024-11-21T07:26:24.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies.  An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en la familia POWER METER SICAM Q200 (Todas las versiones &lt; V2.70). Los dispositivos afectados no renuevan la cookie de sesión después de iniciar/cerrar sesión y también aceptan cookies de sesión definidas por el usuario. Un atacante podría sobrescribir la cookie de sesión almacenada de un usuario. Después de que la víctima inicia sesión, el atacante obtiene acceso a la cuenta del usuario a través de la sesión activada."}],"metrics":{"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:7kg9501-0aa01-2aa1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.50","matchCriteriaId":"821380FC-8F3A-4437-94FF-FB95D9F187D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:7kg9501-0aa01-2aa1:-:*:*:*:*:*:*:*","matchCriteriaId":"275E9296-AACA-4F3B-B8FA-D52A59E729DE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:7kg9501-0aa31-2aa1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.50","matchCriteriaId":"AEE155DF-AB9B-4A85-A845-AF1B51B05833"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:7kg9501-0aa31-2aa1:-:*:*:*:*:*:*:*","matchCriteriaId":"DC260D4F-53BD-433C-AE8F-FA2FA47BC921"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf","source":"productcert@siemens.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf","source":"productcert@siemens.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}