Session Fixation in LOGO! - CVE-2019-6584
Published: June 18, 2019
Vulnerability identifier: #VU18820
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-6584
CWE-ID: CWE-384
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software: LOGO!
Detailed vulnerability description
The vulnerability allows a remote attacker to steal authenticated sessions.
The vulnerability exists because the integrated web server does not invalidate the session ID upon user logout. A remote attacker who is able to read the communication between the affected device and the user, or who obtains a valid session ID through other means, can continue to use it even after the user logs out.
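As an added illustration (not Siemens code and unrelated to the LOGO! firmware), the following minimal Python session store contrasts a logout that only tells the client to drop its cookie with one that also destroys the server-side session record, which is the behaviour the fix has to provide; the TTL, user name and function names are constructed for the example.

```python
"""Added example: a minimal in-memory session store showing why logout must
invalidate the session ID on the server, not only clear the client cookie."""
import secrets
import time

SESSION_TTL = 15 * 60  # constructed value: absolute session lifetime in seconds


class SessionStore:
    """Session table keyed by the opaque ID that travels in the session cookie."""

    def __init__(self, invalidate_on_logout: bool):
        self._sessions: dict[str, dict] = {}
        self.invalidate_on_logout = invalidate_on_logout

    def login(self, user: str) -> str:
        # Mint a fresh, unguessable ID at every login and never adopt an ID the
        # client supplied; this is the standard session-fixation mitigation.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": time.time() + SESSION_TTL}
        return sid

    def logout(self, sid: str) -> None:
        # Weak behaviour: the server only asks the browser to discard the cookie,
        # so the record stays valid for anyone who already holds a copy of the ID.
        if self.invalidate_on_logout:
            self._sessions.pop(sid, None)  # fixed behaviour: destroy it server-side

    def user_for(self, sid: str):
        """Return the authenticated user for this ID, or None if it is not valid."""
        entry = self._sessions.get(sid)
        if entry is None or entry["expires"] < time.time():
            self._sessions.pop(sid, None)  # expired entries are purged lazily
            return None
        return entry["user"]


def accepted_after_logout(invalidate_on_logout: bool) -> bool:
    """Regression check for the advisory's scenario: a user logs in, logs out,
    and the same ID is presented again. True means the server still accepts it
    (the vulnerable outcome); False means logout really ended the session."""
    store = SessionStore(invalidate_on_logout)
    sid = store.login("operator")  # constructed user
    store.logout(sid)
    return store.user_for(sid) is not None


if __name__ == "__main__":
    print("weak server still accepts ID after logout:", accepted_after_logout(False))
    print("fixed server still accepts ID after logout:", accepted_after_logout(True))
```

The `accepted_after_logout` check is the shape of test a defender can run against any web front end: log in, log out, replay the old cookie, and expect a rejection.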
How to mitigate CVE-2019-6584
Install updates from the vendor's website.