ESPEC North America Web Controller Session Privilege Not Revoked on Logout Vulnerability

Vulnerability

A vulnerability exists in ESPEC North America Web Controller versions from 3.0.0 up to, but not including, 3.3.8, in which session privileges are not properly revoked when a user logs out. As a result, JSON Web Tokens (JWTs) remain valid even after the user has logged out.

Impact

Exploitation of this vulnerability allows for session fixation, where a logged-out user's session token remains valid, potentially leading to unauthorized access.

Remediation

Users can update the Web Controller firmware to version 3.3.8 or newer to address this vulnerability. After updating, all tokens generated before the update will be invalidated, and users must re-login to the system.
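
The failure mode described above, as an added example that is not ESPEC's code: a verifier that checks only signature and expiry keeps accepting a token after logout, while one that also consults server-side state rejects it. The HS256 signing, the `jti` denylist, the `iat` cutoff (one way to invalidate all tokens issued before an update), the key, and every function name are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value, not from the product
REVOKED_JTI = set()               # server-side denylist, filled on logout
NOT_BEFORE_IAT = 0                # tokens issued before this are rejected

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def issue(user, jti, now, ttl=3600):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "jti": jti, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = _b64(hmac.new(SECRET, header + b"." + body, hashlib.sha256).digest())
    return (header + b"." + body + b"." + sig).decode()

def verify_stateless(token, now):
    """Signature and expiry only: a logout cannot change the result."""
    try:
        header, body, sig = token.encode().split(b".")
        expected = _b64(hmac.new(SECRET, header + b"." + body, hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > now else None

def verify_with_revocation(token, now):
    """Same checks, plus the server-side state that makes logout effective."""
    claims = verify_stateless(token, now)
    if claims is None or claims.get("jti") in REVOKED_JTI:
        return None
    return claims if claims.get("iat", 0) >= NOT_BEFORE_IAT else None

def logout(token, now):
    claims = verify_stateless(token, now)
    if claims:
        REVOKED_JTI.add(claims["jti"])  # entry can be dropped once exp has passed

def revoke_all_before(cutoff):
    global NOT_BEFORE_IAT
    NOT_BEFORE_IAT = cutoff  # forces re-login for every older token
```

Because the denylist is the only thing that distinguishes a logged-out token from a live one, it has to be shared by every instance that validates tokens.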

Added: Aug 14, 2025, 4:12 PM
Updated: Aug 14, 2025, 4:12 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.