Siemens Industrial Communication Devices Incorrect Authorization Vulnerability Allowing Session Termination

Vulnerability

A vulnerability exists in several Siemens industrial communication devices running SINEC OS versions prior to 3.2. The issue lies in the web interface's session termination functionality, which has an incorrect authorization check. This flaw could enable an authenticated remote attacker with a 'guest' role to terminate the sessions of legitimate users.

Impact

Exploitation of this vulnerability allows an authenticated remote attacker with a 'guest' role to terminate the sessions of legitimate users, potentially disrupting their activities.
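As an added illustration of the bug class (hypothetical code, not SINEC OS source and not Siemens's fix; all names are assumed), the shape of the flaw: a session-termination handler that only checks that the caller is authenticated, beside one that also requires session ownership or an admin role and records denied attempts so that guest-role probing shows up in logs.

```python
# Hypothetical session store and two termination handlers; not SINEC OS code.
from dataclasses import dataclass, field


@dataclass
class Session:
    session_id: str
    user: str
    role: str  # assumed roles: "guest", "operator", "admin"


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)
    denied: list = field(default_factory=list)  # audit trail of refused attempts

    def add(self, s: Session) -> None:
        self.sessions[s.session_id] = s


def terminate_vulnerable(store: SessionStore, caller: Session, target_id: str) -> bool:
    """Incorrect authorization: authentication is checked, authorization is not.
    Any logged-in caller, including a 'guest', can end any session."""
    if caller.session_id not in store.sessions:
        return False  # caller is not authenticated
    if target_id in store.sessions:
        del store.sessions[target_id]
        return True
    return False


def terminate_hardened(store: SessionStore, caller: Session, target_id: str) -> bool:
    """Corrected check: the caller must own the target session or be an admin.
    Refusals are recorded so repeated attempts by low-privilege accounts
    can be detected."""
    if caller.session_id not in store.sessions:
        return False  # caller is not authenticated
    target = store.sessions.get(target_id)
    if target is None:
        return False  # nothing to terminate; do not leak existence either way
    if caller.role != "admin" and target.user != caller.user:
        store.denied.append((caller.user, caller.role, target_id))
        return False  # e.g. a 'guest' may not end another user's session
    del store.sessions[target_id]
    return True
```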

Remediation

Siemens recommends updating to version 3.2 or later. For guidance on the update process, visit the Siemens Industry Support page.

Added: Jun 10, 2025, 4:40 PM
Updated: Jun 10, 2025, 4:40 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.