CVE: CVE-2022-24045

Export to Word

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00521
Percentile: 0.65883

CVSS Scoring

CVSS v3.1 Score: 6.5

Severity: MEDIUM

Mapped CWE(s)

CWE-311 : Missing Encryption of Sensitive Data
CWE-614 : Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

All CAPEC(s)

CAPEC-102: Session Sidejacking
CAPEC-157: Sniffing Attacks
CAPEC-158: Sniffing Network Traffic
CAPEC-204: Lifting Sensitive Data Embedded in Cache
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37: Retrieve Embedded Sensitive Data
CAPEC-383: Harvesting Information via API Event Monitoring
CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
CAPEC-385: Transaction or Event Tampering via Application API Manipulation
CAPEC-386: Application API Navigation Remapping
CAPEC-387: Navigation Remapping To Propagate Malicious Content
CAPEC-388: Application API Button Hijacking
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-609: Cellular Traffic Intercept
CAPEC-65: Sniff Application Code

CAPEC(s) with Mapped TTPs

CAPEC-158: Sniffing Network Traffic
Mapped TTPs:
- T1040 : Network Sniffing
- T1111 : Multi-Factor Authentication Interception
CAPEC-204: Lifting Sensitive Data Embedded in Cache
Mapped TTPs:
- T1005 : Data from Local System
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
Mapped TTPs:
- T1539 : Steal Web Session Cookie
CAPEC-37: Retrieve Embedded Sensitive Data
Mapped TTPs:
- T1005 : Data from Local System
- T1552.004 : Private Keys
CAPEC-383: Harvesting Information via API Event Monitoring
Mapped TTPs:
- T1056.004 : Credential API Hooking
CAPEC-609: Cellular Traffic Intercept
Mapped TTPs:
- T1111 : Multi-Factor Authentication Interception
CAPEC-65: Sniff Application Code
Mapped TTPs:
- T1040 : Network Sniffing

Mapped ATT&CK TTPs

T1040 : Network Sniffing
Kill Chain: credential-access
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access
T1005 : Data from Local System
Kill Chain: collection
T1539 : Steal Web Session Cookie
Kill Chain: credential-access
T1005 : Data from Local System
Kill Chain: collection
T1552.004 : Private Keys
Kill Chain: credential-access
T1056.004 : Credential API Hooking
Kill Chain: collection
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access
T1040 : Network Sniffing
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
CostaRicto
Operation Honeybee
2015 Ukraine Electric Power Attack
Operation Dream Job
C0015
Frankenstein
Night Dragon
Leviathan Australian Intrusions
Operation MidnightEclipse
C0017
Cutting Edge
C0026

Affected Products

cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*

← Back to Home