CVE-2024-45386
Published: 11 February 2025
Description
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
Security Summary
CVE-2024-45386 is a session management vulnerability (CWE-613) affecting multiple Siemens industrial automation products, including SIMATIC PCS neo V4.0 (all versions), SIMATIC PCS neo V4.1 (all versions prior to V4.1 Update 2), SIMATIC PCS neo V5.0 (all versions prior to V5.0 Update 1), SIMOCODE ES V19 (all versions prior to V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (all versions prior to V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (all versions prior to V19 Update 1), and TIA Administrator (all versions prior to V3.0.4). The flaw occurs because these products fail to properly invalidate user sessions upon logout, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A remote unauthenticated attacker who obtains a session token through other means—such as network sniffing or shoulder surfing—can exploit this vulnerability by reusing the token to impersonate the legitimate user even after logout. Exploitation requires user interaction, but successful attacks could grant high-impact access to confidentiality, integrity, and availability of the affected systems.
Siemens security advisory SSA-342348, available at https://cert-portal.siemens.com/productcert/html/ssa-342348.html, provides details on the vulnerability and mitigation steps.
Details
- CWE(s)