What is the severity of CVE-2019-6584?

CVE-2019-6584 has been classified as a moderate severity vulnerability due to the potential for session hijacking.

How do I fix CVE-2019-6584?

To fix CVE-2019-6584, you should upgrade to firmware version V1.82.02 or later for affected Siemens Logo!8 devices.

What devices are affected by CVE-2019-6584?

CVE-2019-6584 affects Siemens LOGO!8 devices with firmware versions V1.80.xx and V1.81.xx, as well as V1.81.00 before upgrade.

What type of attack can be conducted due to CVE-2019-6584?

An attacker could exploit CVE-2019-6584 to perform session hijacking by not invalidating the Session ID upon user logout.

Has CVE-2019-6584 been patched?

Yes, CVE-2019-6584 can be addressed by updating the firmware to version V1.82.02 or higher.

Vulnerability/
CVE-2019-6584

high

8.8

CWE

613 384

12/6/2019

4/8/2024

CVE-2019-6584

First published: Wed Jun 12 2019(Updated: )

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). The integrated webserver does not invalidate the Session ID upon user logout. An attacker that successfully extracted a valid Session ID is able to use it even after the user logs out. The security vulnerability could be exploited by an attacker in a privileged network position who is able to read the communication between the affected device and the user or by an attacker who is able to obtain valid Session IDs through other means. The user must invoke a session to the affected device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Logo!8 Firmware	>=1.80.00<=1.81.00
Siemens Logo! 8
Siemens Logo!8 Firmware	<1.82.00

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf

Frequently Asked Questions

What is the severity of CVE-2019-6584?
CVE-2019-6584 has been classified as a moderate severity vulnerability due to the potential for session hijacking.
How do I fix CVE-2019-6584?
To fix CVE-2019-6584, you should upgrade to firmware version V1.82.02 or later for affected Siemens Logo!8 devices.
What devices are affected by CVE-2019-6584?
CVE-2019-6584 affects Siemens LOGO!8 devices with firmware versions V1.80.xx and V1.81.xx, as well as V1.81.00 before upgrade.
What type of attack can be conducted due to CVE-2019-6584?
An attacker could exploit CVE-2019-6584 to perform session hijacking by not invalidating the Session ID upon user logout.
Has CVE-2019-6584 been patched?
Yes, CVE-2019-6584 can be addressed by updating the firmware to version V1.82.02 or higher.

agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/references
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/siemens
canonical/siemens logo!8 firmware
version/siemens logo!8 firmware/1.80.00
version/siemens logo!8 firmware/1.81.00
canonical/siemens logo! 8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.