CVE-2022-33137
CVE-2022-33137
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
12 Jul 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.
Affected products
Siemens · SIMATIC MV540 HSiemens · SIMATIC MV540 SSiemens · SIMATIC MV550 HSiemens · SIMATIC MV550 SSiemens · SIMATIC MV560 USiemens · SIMATIC MV560 XWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →