Insecure Session Cookie Handling in Siemens SCALANCE M-800 and S615 Modules

CVE-2016-7090 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
