SSA-480095 V1.0: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60
Siemens ProductCERT Security Advisories cert-portal.siemens.com
The web server of SICAM Q100 devices, versions before V2.60, contains a Cross Site Request Forgery (CSRF) vulnerability and is missing cookie protection flags. This could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user.
Siemens has released new versions for the affected products and recommends updating to the latest versions.