Volerion logoVolerion
Volerion logoVolerion

Siemens SIMATIC PCS neo Session Management Vulnerability Allowing Session Hijacking

Vulnerability

A session management vulnerability has been identified in Siemens SIMATIC PCS neo versions 4.1 (all versions prior to 4.1 Update 3) and 5.0 (all versions prior to 5.0 Update 1). The vulnerability arises because these versions do not properly invalidate user sessions upon logout. This flaw could enable a remote, unauthenticated attacker who has intercepted a session token to reuse a legitimate user's session even after the user has logged out.

Impact

Exploitation of this vulnerability could lead to session hijacking, allowing an attacker to impersonate a user by reusing their session token.

Remediation

Siemens has released updates for the affected products. Users are advised to update to the latest versions. For general security recommendations, Siemens suggests protecting network access to devices with appropriate measures and following the operational guidelines for Industrial Security.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
7.5
exploitability
7.0
remediation
7.7
relevance
0.0
threat
0.0
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.