CVE-2022-40226

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-40226
A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-471761.html
https://cert-portal.siemens.com/productcert/html/ssa-572005.html
https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:7kg8500-0aa00-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8500-0aa00-0aa0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:7kg8500-0aa00-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8500-0aa00-2aa0:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:7kg8500-0aa10-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8500-0aa10-0aa0:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:7kg8500-0aa10-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8500-0aa10-2aa0:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:7kg8500-0aa30-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8500-0aa30-0aa0:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:7kg8500-0aa30-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8500-0aa30-2aa0:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa01-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa01-0aa0:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa01-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa01-2aa0:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa02-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa02-0aa0:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa02-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa02-2aa0:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa11-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa11-0aa0:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa11-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa11-2aa0:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa12-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa12-0aa0:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa12-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa12-2aa0:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa31-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa31-0aa0:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa31-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa31-2aa0:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa32-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa32-0aa0:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:7kg8501-0aa32-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8501-0aa32-2aa0:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:7kg8550-0aa00-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8550-0aa00-0aa0:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:7kg8550-0aa00-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8550-0aa00-2aa0:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:7kg8550-0aa10-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8550-0aa10-0aa0:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:siemens:7kg8550-0aa10-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8550-0aa10-2aa0:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:siemens:7kg8550-0aa30-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8550-0aa30-0aa0:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:siemens:7kg8550-0aa30-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8550-0aa30-2aa0:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa01-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa01-0aa0:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa01-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa01-2aa0:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa02-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa02-0aa0:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa02-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa02-2aa0:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa11-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa11-0aa0:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa11-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa11-2aa0:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa12-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa12-0aa0:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa12-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa12-2aa0:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa31-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa31-0aa0:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa31-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa31-2aa0:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa32-0aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa32-0aa0:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:siemens:7kg8551-0aa32-2aa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:7kg8551-0aa32-2aa0:-:*:*:*:*:*:*:*
History

09 Dec 2025, 16:17

Type Values Removed Values Added
Summary (en) A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. (en) A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.
References
  • () https://cert-portal.siemens.com/productcert/html/ssa-471761.html -
  • () https://cert-portal.siemens.com/productcert/html/ssa-572005.html -

21 Nov 2024, 07:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.1 		v2 : unknown
v3 : 7.5
References () https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf - Patch, Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf - Patch, Vendor Advisory
Information

Published : 2022-10-11 11:15

Updated : 2025-12-09 16:17

NVD link : CVE-2022-40226

Mitre link : CVE-2022-40226

CVE.ORG link : CVE-2022-40226

JSON object : View

Products Affected

siemens

  • 7kg8501-0aa31-0aa0
  • 7kg8500-0aa10-0aa0_firmware
  • 7kg8550-0aa10-0aa0_firmware
  • 7kg8551-0aa31-0aa0
  • 7kg8550-0aa00-2aa0
  • 7kg8551-0aa31-2aa0_firmware
  • 7kg8501-0aa02-0aa0_firmware
  • 7kg8550-0aa30-0aa0_firmware
  • 7kg8551-0aa31-0aa0_firmware
  • 7kg8551-0aa11-0aa0
  • 7kg8500-0aa30-0aa0_firmware
  • 7kg8550-0aa10-0aa0
  • 7kg8500-0aa10-2aa0_firmware
  • 7kg8551-0aa11-2aa0
  • 7kg8501-0aa32-2aa0
  • 7kg8551-0aa32-2aa0
  • 7kg8500-0aa10-0aa0
  • 7kg8551-0aa11-0aa0_firmware
  • 7kg8551-0aa01-0aa0_firmware
  • 7kg8551-0aa12-2aa0_firmware
  • 7kg8551-0aa32-0aa0
  • 7kg8501-0aa11-2aa0
  • 7kg8500-0aa00-0aa0_firmware
  • 7kg8500-0aa30-0aa0
  • 7kg8501-0aa12-0aa0
  • 7kg8501-0aa02-2aa0_firmware
  • 7kg8550-0aa30-0aa0
  • 7kg8501-0aa12-2aa0_firmware
  • 7kg8501-0aa11-0aa0_firmware
  • 7kg8501-0aa12-2aa0
  • 7kg8501-0aa32-2aa0_firmware
  • 7kg8550-0aa30-2aa0
  • 7kg8501-0aa32-0aa0_firmware
  • 7kg8501-0aa01-0aa0
  • 7kg8550-0aa10-2aa0_firmware
  • 7kg8551-0aa02-0aa0
  • 7kg8501-0aa12-0aa0_firmware
  • 7kg8500-0aa10-2aa0
  • 7kg8501-0aa02-0aa0
  • 7kg8551-0aa01-0aa0
  • 7kg8550-0aa00-0aa0_firmware
  • 7kg8550-0aa00-0aa0
  • 7kg8550-0aa00-2aa0_firmware
  • 7kg8500-0aa30-2aa0_firmware
  • 7kg8501-0aa31-2aa0_firmware
  • 7kg8551-0aa32-0aa0_firmware
  • 7kg8501-0aa32-0aa0
  • 7kg8551-0aa12-2aa0
  • 7kg8500-0aa00-2aa0_firmware
  • 7kg8501-0aa31-2aa0
  • 7kg8551-0aa12-0aa0_firmware
  • 7kg8551-0aa11-2aa0_firmware
  • 7kg8501-0aa31-0aa0_firmware
  • 7kg8551-0aa32-2aa0_firmware
  • 7kg8550-0aa10-2aa0
  • 7kg8500-0aa30-2aa0
  • 7kg8550-0aa30-2aa0_firmware
  • 7kg8551-0aa31-2aa0
  • 7kg8551-0aa02-0aa0_firmware
  • 7kg8551-0aa02-2aa0
  • 7kg8551-0aa02-2aa0_firmware
  • 7kg8551-0aa12-0aa0
  • 7kg8501-0aa02-2aa0
  • 7kg8500-0aa00-0aa0
  • 7kg8551-0aa01-2aa0
  • 7kg8501-0aa01-0aa0_firmware
  • 7kg8501-0aa11-2aa0_firmware
  • 7kg8501-0aa01-2aa0_firmware
  • 7kg8551-0aa01-2aa0_firmware
  • 7kg8500-0aa00-2aa0
  • 7kg8501-0aa01-2aa0
  • 7kg8501-0aa11-0aa0
CWE
CWE-384

Session Fixation