SSA-342348 — Vulnetix

SSA-342348 PUBLISHED CVSS 8.800000190734863 HIGH

Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Siemens	SIRIUS Safety ES V19 (TIA Portal)
Siemens	SIMATIC PCS neo V4.0
Siemens	TIA Administrator
Siemens	SIRIUS Soft Starter ES V19 (TIA Portal)
Siemens	SIMATIC PCS neo V4.1
Siemens	SIMATIC PCS neo V5.0
Siemens	SIMOCODE ES V19

Timeline

Feb 11, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-342348.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-342348.html advisory
https://support.industry.siemens.com/cs/ww/en/view/109977244/ patch

Open in Interactive Console →