As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC PCS neo
- Vulnerability: Insufficient Session Expiration
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user’s session even after logout.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- SIMATIC PCS neo V4.1: All versions prior to V4.1 Update 3
- SIMATIC PCS neo V5.0: All versions prior to V5.0 Update 1
3.2 VULNERABILITY OVERVIEW
3.2.1 INSUFFICIENT SESSION EXPIRATION CWE-613
Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user’s session even after logout.
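The logout behavior described above, as an added example that is not part of the original advisory and is not Siemens code: a session store whose logout leaves the server-side record in place, next to one that deletes it, with a regression check that presents the token again after logout. The `SessionStore` class, the `operator1` user and the 900-second TTL are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; constructed value for the example


class SessionStore:
    """Hypothetical server-side session table (not SIMATIC PCS neo code)."""

    def __init__(self, revoke_on_logout):
        self.revoke_on_logout = revoke_on_logout
        self._sessions = {}  # token -> (user, expiry timestamp)

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + SESSION_TTL)
        return token

    def logout(self, token):
        # Weak variant: the client drops its cookie, but the server-side
        # record survives, so the token stays valid until the TTL runs out.
        if self.revoke_on_logout:
            self._sessions.pop(token, None)  # hardened: delete server state

    def authenticate(self, token, now=None):
        now = time.time() if now is None else now
        record = self._sessions.get(token)
        if record is None:
            return None
        user, expiry = record
        if now >= expiry:
            del self._sessions[token]  # expired sessions are purged as well
            return None
        return user


def token_survives_logout(store):
    """Regression check: is a token still accepted after its owner logs out?"""
    token = store.login("operator1")
    assert store.authenticate(token) == "operator1"
    store.logout(token)
    return store.authenticate(token) is not None


if __name__ == "__main__":
    print("weak logout, token still valid:", token_survives_logout(SessionStore(False)))
    print("hardened logout, token still valid:", token_survives_logout(SessionStore(True)))
```

The same check, pointed at a real login and logout endpoint in a test environment, is a quick way to confirm that an update has closed this class of issue.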