A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-07-12T10:06:44

Updated: 2024-08-03T08:01:19.904Z

Reserved: 2022-06-13T00:00:00

Link: CVE-2022-33137

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-07-12T10:15:10.707

Modified: 2024-11-21T07:07:35.047

Link: CVE-2022-33137

cve-icon Redhat

No data.