Filtered by vendor Siemens Subscriptions
Filtered by product Q200 Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-31238 1 Siemens 2 Q200, Q200 Firmware 2024-11-21 5.5 Medium
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.
CVE-2023-30901 1 Siemens 2 Q200, Q200 Firmware 2024-11-21 4.3 Medium
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.