SB2019061215 - Session Fixation in Siemens LOGO!
Published: June 12, 2019
Updated: June 18, 2019
Security Bulletin ID: SB2019061215
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Session Fixation (CVE-ID: CVE-2019-6584)
The vulnerability allows a remote attacker to steal authenticated sessions.
The vulnerability exists because the integrated webserver does not invalidate the Session ID upon user logout. A remote attacker who is able to read the communication between the affected device and the user, or who is able to obtain valid Session IDs through other means, can use them even after the user logs out.
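The following added example (not Siemens code and not part of the original bulletin) models the flaw class described above in a generic server-side session table and shows a regression check that a session ID stops working after logout. The class, method names, cookie name and user name are hypothetical; the bulletin does not describe how the device stores sessions.

```python
import secrets


class SessionStore:
    """Generic server-side session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session_id -> username

    def login(self, username):
        # Issue a fresh, unpredictable ID on every login.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def authenticated_user(self, sid):
        # Return the user bound to this ID, or None if the ID is unknown.
        return self._sessions.get(sid)

    def logout_client_only(self, sid):
        # Flawed pattern: only asks the browser to drop its cookie.
        # The server-side entry stays, so a copied ID is still accepted.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_invalidate(self, sid):
        # Corrected pattern: remove the server-side entry, then expire
        # the cookie. A copied ID is rejected from this point on.
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def id_survives_logout(logout_method):
    """Regression check: is the session ID still accepted after logout?"""
    store = SessionStore()
    sid = store.login("operator")  # constructed sample user
    assert store.authenticated_user(sid) == "operator"
    getattr(store, logout_method)(sid)
    return store.authenticated_user(sid) is not None


if __name__ == "__main__":
    for method in ("logout_client_only", "logout_invalidate"):
        print(method, "-> ID still valid:", id_survives_logout(method))
```

The same check can be run against a real web interface after patching: record the session ID, log out, then confirm that a request carrying the old ID is treated as unauthenticated.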
Remediation
Install the update from the vendor's website.