CVE-2024-45386 – Siemens SIMATIC PCS neo Session Hijacking Vulnerability

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user’s session even after logout.

نوشته های مشابه

CVE-2024-10644 – Ivanti Connect Secure and Ivanti Policy Secure Code Injection Vulnerability

CVE-2024-47908 – Ivanti CSA OS Command Injection Vulnerability

CVE-2025-22467 – Ivanti Connect Secure Stack-Based Buffer Overflow Vulnerability

CVE-2025-24896 – Misskey Persistent Authentication Token Vulnerability