VYPR
Medium severity (CVSS 4.0) · NVD Advisory · Published Sep 29, 2016 · Updated May 6, 2026

CVE-2016-7090

Description

SCALANCE M-800/S615 firmware <4.02 fails to set the secure flag on session cookies in HTTPS, enabling cookie theft via HTTP interception.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The integrated web server in Siemens SCALANCE M-800 and S615 modules with firmware versions before V4.02 issues session cookies without the Secure attribute, even when the session was established over HTTPS. This is CWE-614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute). The affected products are the SCALANCE M-800 family of industrial routers and the SCALANCE S615 industrial security module (firewall) [1] [2].

Exploitation

The Secure attribute instructs the browser to attach a cookie only to requests sent over HTTPS. Because the attribute is missing, the browser also sends the session cookie on any plain-HTTP request to the device's host, for example when the user enters the address without a scheme, or when an attacker who can tamper with unencrypted traffic on the same segment injects a reference to http://<device>/ into another page the victim loads. A man-in-the-middle on that path reads the cookie from the cleartext request [1]. The attacker needs no credentials, only a privileged network position and a victim with an active management session.

Impact

Successful exploitation enables the attacker to capture the web session cookie and impersonate the authenticated user, leading to unauthorized access to the device's web management interface. This could allow exposure of configuration settings, modification of network routes, or disruption of industrial operations [1].

Mitigation

Siemens released firmware version V4.02, which addresses the issue. Users should upgrade to V4.02 or later. After upgrading, confirm the fix by inspecting the Set-Cookie header the device returns at login over HTTPS: the session cookie should now carry the Secure attribute. No workaround is documented by Siemens; until the upgrade is applied, restricting which hosts and networks can reach the management interface limits where an interception could take place. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities Catalog as of the publication date [1] [2].
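The following is an added example, not code from the advisory or from Siemens. It does two things the Exploitation and Mitigation sections describe in prose: it audits Set-Cookie header values for the Secure attribute (and the related HttpOnly and SameSite attributes), and it models the browser rule that makes the missing flag exploitable, namely that a cookie without Secure is attached to plain http:// requests as well as https:// ones. The header values, the cookie name SESSIONID and the 192.0.2.10 address are constructed for illustration; they are not captured from a SCALANCE device.

```python
"""Added example (not from the advisory or from Siemens): audit Set-Cookie
headers for the Secure attribute (CWE-614) and model the browser-side
send decision that makes the missing flag exploitable.

The headers, the cookie name SESSIONID and the device addresses below are
constructed for illustration, not captured from a SCALANCE device."""

from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    # lower-cased attribute name -> attribute value, or True for flag attributes
    attrs: dict = field(default_factory=dict)

    def has(self, attr: str) -> bool:
        return attr.lower() in self.attrs


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value: 'name=value; Attr; Attr=val; ...'."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, sep, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return Cookie(name.strip(), value, attrs)


def audit_cookie(cookie: Cookie) -> list:
    """Findings for a session cookie; an empty list means the attributes are present."""
    findings = []
    if not cookie.has("secure"):
        findings.append("missing Secure: sent on plain http:// requests too (CWE-614)")
    if not cookie.has("httponly"):
        findings.append("missing HttpOnly: readable from page script")
    if not cookie.has("samesite"):
        findings.append("missing SameSite: attached to cross-site requests")
    return findings


def browser_would_send(cookie: Cookie, url: str) -> bool:
    """Model the RFC 6265 rule a browser applies when attaching a stored cookie:
    a cookie carrying the Secure attribute is only sent over a secure scheme.
    Domain and path matching are assumed to be satisfied (assumption)."""
    scheme = urlsplit(url).scheme
    if cookie.has("secure"):
        return scheme == "https"
    return scheme in ("http", "https")


# Constructed samples: the pre-V4.02 shape the advisory describes, and a hardened shape.
VULNERABLE_HEADER = "SESSIONID=d3adb33f; Path=/"
FIXED_HEADER = "SESSIONID=d3adb33f; Path=/; Secure; HttpOnly; SameSite=Strict"

DEVICE_HTTPS = "https://192.0.2.10/"  # the management session the user logged into
DEVICE_HTTP = "http://192.0.2.10/"    # a plaintext request an on-path attacker can observe


def demo() -> dict:
    """Audit both headers and show whether the browser would send each cookie
    over HTTPS and over plain HTTP."""
    out = {}
    for label, header in (("vulnerable", VULNERABLE_HEADER), ("fixed", FIXED_HEADER)):
        cookie = parse_set_cookie(header)
        out[label] = {
            "findings": audit_cookie(cookie),
            "sent_over_https": browser_would_send(cookie, DEVICE_HTTPS),
            "sent_over_http": browser_would_send(cookie, DEVICE_HTTP),
        }
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

To apply the audit to a real device after the upgrade, feed `parse_set_cookie` the Set-Cookie value from the login response (for example, the value shown by `curl -kI https://<device>/` or captured from the browser's developer tools), since the session cookie may only be issued once credentials are submitted.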

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)