CVE-2024-45386

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
8.7HIGH
EPSS
0.2%
top 52.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Siemens Simatic PCS NEO V4.0Siemens Simatic PCS NEO V4.1Siemens Simatic PCS NEO V5.0+4 more
Timeline
PublishedFeb 11

Description

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could all

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages7 packages

CVEListV5siemens/simatic_pcs_neo_v4.1< V4.1 Update 2
CVEListV5siemens/simatic_pcs_neo_v5.0< V5.0 Update 1

🔴Vulnerability Details

2
GHSA
GHSA-4688-8pmg-jw5w: A vulnerability has been identified in SIMATIC PCS neo V42025-02-11
CVEList
CVE-2024-45386: A vulnerability has been identified in SIMATIC PCS neo V42025-02-11
CVE-2024-45386 (HIGH CVSS 8.7) | A vulnerability has been identified | cvebase.io