Siemens Products Session Management Vulnerability Allowing Session Hijacking

A vulnerability exists in multiple Siemens products, including SIMATIC PCS neo versions 4.0, 4.1 prior to 4.1 Update 2, and 5.0 prior to 5.0 Update 1, as well as SIMOCODE ES V19, SIRIUS Safety ES V19, and SIRIUS Soft Starter ES V19, all prior to V19 Update 1. Additionally, TIA Administrator versions prior to V3.0.4 are affected. The vulnerability arises from these products failing to properly invalidate user sessions upon logout, potentially allowing a remote unauthenticated attacker to reuse a legitimate user's session token after logout.

Impact

Exploitation of this vulnerability could lead to unauthorized access to a user's session, allowing an attacker to perform actions on behalf of the user.

Remediation

Users of TIA Administrator should update to version 3.0.4 or later. For SIMATIC PCS neo, TIA Portal users should update to V19 Update 1 or later. Siemens has also recommended closing the browser or client after logout and removing all locally stored session tokens as a general mitigation measure.