CVE-2024-45386 - Vulnerability Details

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-342348.html

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
Weaknesses		CWE-613
References		https://cert-portal.siemens.com/productcert/html/ssa-342348.html
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45386", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-08-28T15:11:54.494Z", "datePublished": "2025-02-11T10:28:44.675Z", "dateUpdated": "2025-02-11T14:38:30.854Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2025-02-11T10:28:44.675Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout."}], "affected": [{"vendor": "Siemens", "product": "SIMATIC PCS neo V4.0", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC PCS neo V4.1", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.1 Update 2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC PCS neo V5.0", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.0 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMOCODE ES V19", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIRIUS Safety ES V19 (TIA Portal)", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIRIUS Soft Starter ES V19 (TIA Portal)", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TIA Administrator", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-342348.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T14:38:23.091006Z", "id": "CVE-2024-45386", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T14:38:30.854Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-45386 (string)

assignerOrgId : cec7a2ec-15b4-4faf-bd53-b40f371f3a77 (string)

state : PUBLISHED (string)

assignerShortName : siemens (string)

dateReserved : 2024-08-28T15:11:54.494Z (string)

datePublished : 2025-02-11T10:28:44.675Z (string)

dateUpdated : 2025-02-11T14:38:30.854Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : cec7a2ec-15b4-4faf-bd53-b40f371f3a77 (string)

shortName : siemens (string)

dateUpdated : 2025-02-11T10:28:44.675Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. (string)

}

]

affected : [ »

0 : { »

vendor : Siemens (string)

product : SIMATIC PCS neo V4.0 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : * (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

vendor : Siemens (string)

product : SIMATIC PCS neo V4.1 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V4.1 Update 2 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

vendor : Siemens (string)

product : SIMATIC PCS neo V5.0 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V5.0 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

3 : { »

vendor : Siemens (string)

product : SIMOCODE ES V19 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V19 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

4 : { »

vendor : Siemens (string)

product : SIRIUS Safety ES V19 (TIA Portal) (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V19 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

5 : { »

vendor : Siemens (string)

product : SIRIUS Soft Starter ES V19 (TIA Portal) (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V19 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

6 : { »

vendor : Siemens (string)

product : TIA Administrator (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V3.0.4 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

version : 3.1 (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

}

1 : { »

cvssV4_0 : { »

version : 4.0 (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (string)

baseScore : 8.7 (number)

baseSeverity : HIGH (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

cweId : CWE-613 (string)

description : CWE-613: Insufficient Session Expiration (string)

type : CWE (string)

}

]

}

]

references : [ »

0 : { »

url : https://cert-portal.siemens.com/productcert/html/ssa-342348.html (string)

}

]

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-02-11T14:38:23.091006Z (string)

id : CVE-2024-45386 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-11T14:38:30.854Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-11T14:38:23.091006Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T14:38:26.776Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "SIMATIC PCS neo V4.0", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC PCS neo V4.1", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.1 Update 2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC PCS neo V5.0", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.0 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMOCODE ES V19", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIRIUS Safety ES V19 (TIA Portal)", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIRIUS Soft Starter ES V19 (TIA Portal)", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TIA Administrator", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-342348.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2025-02-11T10:28:44.675Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45386", "state": "PUBLISHED", "dateUpdated": "2025-02-11T14:38:30.854Z", "dateReserved": "2024-08-28T15:11:54.494Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2025-02-11T10:28:44.675Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-45386 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-02-11T14:38:23.091006Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-11T14:38:26.776Z (string)

}

]

cna : { »

metrics : [ »

0 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

}

1 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 8.7 (number)

baseSeverity : HIGH (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (string)

}

]

affected : [ »

0 : { »

vendor : Siemens (string)

product : SIMATIC PCS neo V4.0 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : * (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

vendor : Siemens (string)

product : SIMATIC PCS neo V4.1 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V4.1 Update 2 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

vendor : Siemens (string)

product : SIMATIC PCS neo V5.0 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V5.0 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

3 : { »

vendor : Siemens (string)

product : SIMOCODE ES V19 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V19 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

4 : { »

vendor : Siemens (string)

product : SIRIUS Safety ES V19 (TIA Portal) (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V19 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

5 : { »

vendor : Siemens (string)

product : SIRIUS Soft Starter ES V19 (TIA Portal) (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V19 Update 1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

6 : { »

vendor : Siemens (string)

product : TIA Administrator (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : V3.0.4 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

references : [ »

0 : { »

url : https://cert-portal.siemens.com/productcert/html/ssa-342348.html (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-613 (string)

description : CWE-613: Insufficient Session Expiration (string)

}

]

}

]

providerMetadata : { »

orgId : cec7a2ec-15b4-4faf-bd53-b40f371f3a77 (string)

shortName : siemens (string)

dateUpdated : 2025-02-11T10:28:44.675Z (string)

}

cveMetadata : { »

cveId : CVE-2024-45386 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-11T14:38:30.854Z (string)

dateReserved : 2024-08-28T15:11:54.494Z (string)

assignerOrgId : cec7a2ec-15b4-4faf-bd53-b40f371f3a77 (string)

datePublished : 2025-02-11T10:28:44.675Z (string)

assignerShortName : siemens (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout."}], "id": "CVE-2024-45386", "lastModified": "2025-02-11T11:15:13.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2025-02-11T11:15:13.627", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-342348.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "productcert@siemens.com", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. (string)

}

]

id : CVE-2024-45386 (string)

lastModified : 2025-02-11T11:15:13.627 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : productcert@siemens.com (string)

type : Primary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

automatable : NOT_DEFINED (string)

availabilityRequirements : NOT_DEFINED (string)

baseScore : 8.7 (number)

baseSeverity : HIGH (string)

confidentialityRequirements : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirements : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubsequentSystemAvailability : NOT_DEFINED (string)

modifiedSubsequentSystemConfidentiality : NOT_DEFINED (string)

modifiedSubsequentSystemIntegrity : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnerableSystemAvailability : NOT_DEFINED (string)

modifiedVulnerableSystemConfidentiality : NOT_DEFINED (string)

modifiedVulnerableSystemIntegrity : NOT_DEFINED (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

recovery : NOT_DEFINED (string)

safety : NOT_DEFINED (string)

subsequentSystemAvailability : NONE (string)

subsequentSystemConfidentiality : NONE (string)

subsequentSystemIntegrity : NONE (string)

userInteraction : PASSIVE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

vulnerableSystemAvailability : HIGH (string)

vulnerableSystemConfidentiality : HIGH (string)

vulnerableSystemIntegrity : HIGH (string)

}

source : productcert@siemens.com (string)

type : Secondary (string)

}

]

}

published : 2025-02-11T11:15:13.627 (string)

references : [ »

0 : { »

source : productcert@siemens.com (string)

url : https://cert-portal.siemens.com/productcert/html/ssa-342348.html (string)

}

]

sourceIdentifier : productcert@siemens.com (string)

vulnStatus : Received (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-613 (string)

}

]

source : productcert@siemens.com (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object