Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC PCS neo V5.0 | |
| Siemens | SIMATIC PCS neo V4.1 |
Timeline
- May 13, 2025 CVE Published
Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC PCS neo V5.0 | |
| Siemens | SIMATIC PCS neo V4.1 |