CVE-2024-45386: Siemens SIMATIC PCS neo V4.0/V4.1/V5.0 Insufficient Session Expiration (Session Not Invalidated on Logout)
CVE-2024-45386 Published on February 11, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
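The defect described above is a server-side one: logging out only tells the browser to discard its cookie, while the record that maps the session token to the user stays valid on the server until it times out, so a token captured earlier (from a proxy log, a backup, shoulder-surfing a debug screen) keeps working. The following is an added illustration written for this page, not code from Siemens or from any of the affected products; the session store, the `logout_vulnerable`/`logout_fixed` methods and the `replay_after_logout` check are hypothetical names chosen here. It contrasts a logout that only clears the client cookie with one that destroys the server-side session, and wraps the black-box test a pentester runs against a real system: log in, keep a copy of the token, log out, replay the copy.

```python
"""Insufficient Session Expiration (CWE-613): a logout that leaves the
server-side session alive. Added example for this page; hypothetical
session store, not Siemens code."""
import secrets
import time


class SessionStore:
    """Minimal server-side session table: token -> {user, expires_at}."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}

    def login(self, user, now=None):
        # Issue a fresh, unguessable token and bind it to the user.
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "expires_at": now + self.ttl}
        return token

    def authenticate(self, token, now=None):
        # Accept the token only while a live, unexpired record exists.
        now = time.time() if now is None else now
        rec = self._sessions.get(token)
        if rec is None or rec["expires_at"] <= now:
            self._sessions.pop(token, None)
            return None
        return rec["user"]

    def logout_vulnerable(self, token):
        """Flawed logout: only answers with a Set-Cookie that clears the
        browser's copy. The server-side record is untouched, so anyone who
        captured the token can keep using it until the TTL runs out."""
        return {"Set-Cookie": "session=; Max-Age=0; Path=/; HttpOnly; Secure"}

    def logout_fixed(self, token):
        """Correct logout: destroy the server-side record first, then clear
        the client cookie. Replaying the old token now fails."""
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0; Path=/; HttpOnly; Secure"}


def replay_after_logout(store, logout):
    """Black-box check: log in, copy the token (the 'obtained by other
    means' step in the advisory), log out, replay the copy. Returns True
    if the copied token still authenticates, i.e. logout did not
    invalidate the session."""
    token = store.login("operator")
    stolen_copy = token
    logout(token)
    return store.authenticate(stolen_copy) is not None


if __name__ == "__main__":
    store = SessionStore()
    print("vulnerable logout, token replays:",
          replay_after_logout(store, store.logout_vulnerable))
    print("fixed logout, token replays:",
          replay_after_logout(store, store.logout_fixed))
```

Against a real deployment the same check is run over HTTP: capture the session cookie after login, call the logout endpoint, then re-send an authenticated request with the captured cookie; a 200 instead of a redirect to login is the finding. The only durable fix is the one in `logout_fixed`: invalidate the token server-side (and, ideally, also rotate tokens on login and bound the idle timeout), since nothing done on the client can revoke a copy the attacker already holds.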
Weakness Type
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Products Associated with CVE-2024-45386
Affected Versions
- Siemens SIMATIC PCS neo V4.0: all versions are affected (no fixed version listed).
- Siemens SIMATIC PCS neo V4.1: versions before V4.1 Update 2 are affected.
- Siemens SIMATIC PCS neo V5.0: versions before V5.0 Update 1 are affected.
- Siemens SIMOCODE ES V19: versions before V19 Update 1 are affected.
- Siemens SIRIUS Safety ES V19 (TIA Portal): versions before V19 Update 1 are affected.
- Siemens SIRIUS Soft Starter ES V19 (TIA Portal): versions before V19 Update 1 are affected.
- Siemens TIA Administrator: versions before V3.0.4 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.