CVE-2023-31238
Description
A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.11), SICAM T (All versions < V3.0). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A CSRF vulnerability and missing cookie protection flags in the web server of Siemens SICAM P850 and P855 devices before V3.11 allow attackers to perform actions on behalf of authenticated users.
Vulnerability
The web server of Siemens SICAM P850 and SICAM P855 devices (all versions before V3.11) contains a Cross-Site Request Forgery (CSRF) vulnerability and is missing cookie protection flags such as Secure and HttpOnly [3]. This allows an attacker to craft malicious requests that are executed in the context of an authenticated user's session.
Exploitation
An attacker can exploit this by tricking a logged-in user into clicking a malicious link or visiting a crafted webpage while authenticated to the device. No authentication is required for the attacker, but the victim must be authenticated. The attacker does not need network access to the device if the victim is on the same network or can be socially engineered.
Impact
Successful exploitation allows the attacker to perform arbitrary actions on the device on behalf of the victim, such as changing configuration settings, triggering operations, or exfiltrating data. The attacker can also impersonate the user due to missing cookie protection flags, potentially leading to session hijacking.
Mitigation
Siemens has released version V3.11 for the affected products [3]. As workarounds, restrict access to port 443/tcp to trusted IP addresses only and avoid accessing links from untrusted sources while logged in [1][2][3]. No KEV listing is mentioned.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6- Range: < V3.0
- Range: < V3.11
- Range: < V3.11
- Siemens/SICAM P850v5Range: 0
- Siemens/SICAM P855v5Range: 0
- Siemens/SICAM Tv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- cert-portal.siemens.com/productcert/html/ssa-201498.htmlmitre
- cert-portal.siemens.com/productcert/html/ssa-471761.htmlmitre
- cert-portal.siemens.com/productcert/html/ssa-480095.htmlmitre
- cert-portal.siemens.com/productcert/html/ssa-887249.htmlmitre
- cert-portal.siemens.com/productcert/pdf/ssa-480095.pdfmitre
- cert-portal.siemens.com/productcert/pdf/ssa-887249.pdfmitre
News mentions
0No linked articles in our index yet.