Cyber Resilience

CVE-2024-45386

Severity: High
Published: 11 February 2025
Modified: 15 April 2026
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0025 (48.2nd percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-45386 is a high-severity Insufficient Session Expiration (CWE-613) vulnerability. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Web Session Cookie (T1539). The CVE is ranked at the 48.2nd percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-12 (Session Termination) and SC-23 (Session Authenticity).

Deeper analysis

CVE-2024-45386 is a session management vulnerability (CWE-613) affecting multiple Siemens industrial automation products, including SIMATIC PCS neo V4.0 (all versions), SIMATIC PCS neo V4.1 (all versions prior to V4.1 Update 2), SIMATIC PCS neo V5.0 (all versions prior to V5.0 Update 1), SIMOCODE ES V19 (all versions prior to V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (all versions prior to V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (all versions prior to V19 Update 1), and TIA Administrator (all versions prior to V3.0.4). The flaw occurs because these products fail to properly invalidate user sessions upon logout, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A remote unauthenticated attacker who obtains a session token through other means, such as network sniffing or shoulder surfing, can exploit this vulnerability by reusing the token to impersonate the legitimate user even after that user has logged out. Exploitation requires user interaction, but a successful attack could grant high-impact access to the confidentiality, integrity, and availability of the affected systems.
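The core of CWE-613 as described above is that logout clears the client's cookie but leaves the server-side session record alive. The following added example (illustration only, not Siemens code and not taken from the advisory) models that defect in a small in-memory session store and places the AC-12 style fix beside it: logout deletes the server-side record, and every request enforces an idle timeout. The store classes, the `SESSION_TTL_SECONDS` value and the `replay_after_logout` helper are all assumptions made for this example.

```python
import secrets
import time

# Constructed in-memory session stores for illustration only. Neither class is
# Siemens' implementation; VulnerableSessionStore models the behaviour the
# advisory describes (logout does not invalidate the server-side session),
# HardenedSessionStore models the AC-12 mitigation (server-side termination).

SESSION_TTL_SECONDS = 15 * 60  # assumed idle timeout for the hardened store


class VulnerableSessionStore:
    """Logout only tells the client to drop its cookie; the server keeps the
    session record, so a token captured earlier keeps working after logout."""

    def __init__(self):
        self._sessions = {}  # token -> {"user": str, "last_seen": float}

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": time.time()}
        return token

    def logout(self, token):
        # Defect modelled here: no server-side invalidation at all.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def authenticate(self, token):
        rec = self._sessions.get(token)
        return rec["user"] if rec else None


class HardenedSessionStore(VulnerableSessionStore):
    """Logout deletes the server-side record, and each request checks an idle
    timeout; unknown, logged-out or expired tokens are all rejected."""

    def __init__(self, now=time.time):
        super().__init__()
        self._now = now  # injectable clock so the timeout can be exercised

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._now()}
        return token

    def logout(self, token):
        self._sessions.pop(token, None)  # server-side invalidation (AC-12)
        return {"Set-Cookie": "session=; Max-Age=0"}

    def authenticate(self, token):
        rec = self._sessions.get(token)
        if rec is None:
            return None
        if self._now() - rec["last_seen"] > SESSION_TTL_SECONDS:
            self._sessions.pop(token, None)  # expire idle sessions
            return None
        rec["last_seen"] = self._now()
        return rec["user"]


def replay_after_logout(store):
    """Model the advisory's scenario: a token captured during a valid session is
    presented again after the user logged out. Returns the user the store still
    accepts on replay, or None if the replay is rejected."""
    token = store.login("operator")
    assert store.authenticate(token) == "operator"  # valid while logged in
    store.logout(token)
    return store.authenticate(token)


def idle_timeout_rejects():
    """Advance a fake clock past the idle limit and confirm the hardened store
    rejects the token even though the user never logged out."""
    clock = [1_000.0]
    store = HardenedSessionStore(now=lambda: clock[0])
    token = store.login("operator")
    clock[0] += SESSION_TTL_SECONDS + 1
    return store.authenticate(token)


if __name__ == "__main__":
    print("vulnerable replay yields:", replay_after_logout(VulnerableSessionStore()))
    print("hardened replay yields:", replay_after_logout(HardenedSessionStore()))
    print("hardened idle timeout yields:", idle_timeout_rejects())
```

The vulnerable store returns `"operator"` on replay, the hardened store returns `None`. The design point for defenders is that the client-side `Set-Cookie` header is identical in both cases; the only difference that matters for CWE-613 is whether the server forgets the session. In a real deployment the store would be backed by a database or cache, but the invariant is the same: logout must delete or flag the record, and authentication must check that record on every request.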

Siemens security advisory SSA-342348, available at https://cert-portal.siemens.com/productcert/html/ssa-342348.html, provides details on the vulnerability and mitigation steps.

EU & UK References

Vulnerability details

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

T1550.004 Web Session Cookie (Lateral Movement)
Adversaries can use stolen session cookies to authenticate to web applications and services.
Why these techniques?

Improper session invalidation (CWE-613) directly enables reuse of stolen session tokens for web/application impersonation, mapping to session cookie theft and alternate authentication material abuse.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24896 (shared CWE-613)
CVE-2025-24973 (shared CWE-613)
CVE-2026-25476 (shared CWE-613)
CVE-2026-34828 (shared CWE-613)
CVE-2025-22386 (shared CWE-613)
CVE-2025-36377 (shared CWE-613)
CVE-2025-57735 (shared CWE-613)
CVE-2024-13996 (shared CWE-613)
CVE-2025-59786 (shared CWE-613)
CVE-2026-44511 (shared CWE-613)

Affected Assets

All (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-mapped)

Prevent: AC-12 (Session Termination) requires automatic termination of user sessions upon logout or defined conditions, directly preventing reuse of session tokens after user logout.

Prevent: SC-23 (Session Authenticity) provides mechanisms to protect communications session authenticity, mitigating session hijacking via stolen tokens even post-logout.

Prevent: SC-8 (Transmission Confidentiality and Integrity) enforces confidentiality and integrity of transmitted information, reducing the risk of attackers obtaining session tokens via network sniffing.

References