First published: Tue Feb 11 2025
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), and TIA Administrator (All versions < V3.0.4). The affected products do not correctly invalidate user sessions on logout: the server-side session remains valid after the user has logged out. A remote, unauthenticated attacker who has obtained a session token by other means can therefore keep using a legitimate user's session even after that user logs out, so logout no longer ends the attacker's access.
Credit: productcert@siemens.com
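The following is an added illustration, not code from Siemens or from the affected products, of the flaw class described above and of the check a practitioner would run against any login system. The in-memory `SessionStore`, the `operator` user, the fixed clock values and the 600-second lifetime are all constructed for the example. The vulnerable logout only asks the client to drop its cookie and leaves the server-side entry alive, so a replayed token still authenticates; the fixed logout removes the entry. `logout_is_effective` takes login, logout and authenticate callables, so the same check can be wired to HTTP requests against a real target.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: str
    expires_at: float  # absolute time in seconds


class SessionStore:
    """Server-side session table keyed by an opaque random token (constructed example)."""

    def __init__(self, lifetime_s: float = 3600.0) -> None:
        self._sessions: Dict[str, Session] = {}
        self._lifetime_s = lifetime_s

    def login(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, now + self._lifetime_s)
        return token

    def authenticate(self, token: str, now: float) -> Optional[str]:
        s = self._sessions.get(token)
        if s is None or now >= s.expires_at:
            return None
        return s.user

    def logout_vulnerable(self, token: str) -> None:
        # Models the flaw: the server only instructs the browser to discard its
        # cookie and never touches its own table, so the token stays valid until
        # the session's natural expiry and anyone holding it can keep using it.
        return None

    def logout_fixed(self, token: str) -> None:
        # Revoke server side: once the entry is gone, a replayed token fails.
        self._sessions.pop(token, None)


def logout_is_effective(
    login: Callable[[], str],
    logout: Callable[[str], None],
    authenticate: Callable[[str], Optional[str]],
) -> bool:
    """Return True if a token stops working after logout, False if it can be replayed.

    Raises if the freshly issued token does not work, so a broken test harness
    is not mistaken for a correctly invalidating server.
    """
    token = login()
    if authenticate(token) is None:
        raise RuntimeError("baseline failed: a fresh token was rejected")
    logout(token)
    return authenticate(token) is None


def run_check(use_fix: bool) -> bool:
    """Run the replay check against the constructed store with either logout variant."""
    store = SessionStore(lifetime_s=600.0)
    now = 1_700_000_000.0  # constructed clock value so the demo is deterministic
    logout = store.logout_fixed if use_fix else store.logout_vulnerable
    return logout_is_effective(
        login=lambda: store.login("operator", now),
        logout=logout,
        authenticate=lambda t: store.authenticate(t, now + 5.0),  # replay 5 s later
    )


def token_valid_after_vulnerable_logout(elapsed_s: float) -> bool:
    """With the vulnerable logout, the token only dies when the session itself expires."""
    store = SessionStore(lifetime_s=600.0)
    now = 1_700_000_000.0
    token = store.login("operator", now)
    store.logout_vulnerable(token)
    return store.authenticate(token, now + elapsed_s) is not None


if __name__ == "__main__":
    print("vulnerable logout revokes token:", run_check(use_fix=False))  # False
    print("fixed logout revokes token:", run_check(use_fix=True))        # True
    print("replay 5 s after vulnerable logout:", token_valid_after_vulnerable_logout(5.0))    # True
    print("replay 601 s after vulnerable logout:", token_valid_after_vulnerable_logout(601.0))  # False
```

The point of `token_valid_after_vulnerable_logout` is the practical consequence for defenders: when logout does not revoke the session, a leaked token stays usable for the full server-side session lifetime, so logging out is not a containment step until the fixed release is installed.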
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SIMATIC PCS neo V4.0 | All versions | Update to a fixed release per the Siemens advisory |
Siemens SIMATIC PCS neo V4.1 | < V4.1 Update 2 | Update to V4.1 Update 2 or later |
Siemens SIMATIC PCS neo V5.0 | < V5.0 Update 1 | Update to V5.0 Update 1 or later |
Siemens SIMOCODE ES V19 | < V19 Update 1 | Update to V19 Update 1 or later |
Siemens SIRIUS Safety ES V19 (TIA Portal) | < V19 Update 1 | Update to V19 Update 1 or later |
Siemens SIRIUS Soft Starter ES V19 (TIA Portal) | < V19 Update 1 | Update to V19 Update 1 or later |
Siemens TIA Administrator | < V3.0.4 | Update to V3.0.4 or later |
The severity of CVE-2024-45386 is not stated on this page. The practical impact is that a session token, however the attacker obtained it, remains usable after the legitimate user logs out, so logout no longer bounds the attacker's access; in an industrial control environment, where these tools configure and supervise plant equipment, that warrants prompt patching.
To fix CVE-2024-45386, update the affected software to the fixed versions listed above (SIMATIC PCS neo V4.1 Update 2 or V5.0 Update 1, SIMOCODE ES, SIRIUS Safety ES and SIRIUS Soft Starter ES V19 Update 1, TIA Administrator V3.0.4), as specified in the vendor's security advisory.
CVE-2024-45386 affects all versions of SIMATIC PCS neo V4.0, all versions of V4.1 below V4.1 Update 2, and all versions of V5.0 below V5.0 Update 1.
CVE-2024-45386 impacts Siemens SIMATIC PCS neo, SIMOCODE ES, SIRIUS Safety ES, SIRIUS Soft Starter ES, and TIA Administrator.
Currently, no known workaround exists for CVE-2024-45386, so applying the updates is the recommended action. Until the update is installed, do not rely on logging out to revoke a session that may have been exposed: a token that has left the client stays valid for as long as the server honours the session.