Cyber Posture

CVE-2024-45386

Severity: High

Published: 11 February 2025

Modified: 15 April 2026
KEV Added: not listed
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (47.8th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-45386 is a high-severity Insufficient Session Expiration (CWE-613) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, it is ranked at the 47.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-12 (Session Termination) and SC-23 (Session Authenticity).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent: AC-12 requires automatic termination of user sessions upon logout or defined conditions, directly preventing reuse of session tokens after user logout.

prevent: SC-23 provides mechanisms to protect communications session authenticity, mitigating session hijacking via stolen tokens even post-logout.

prevent: SC-8 enforces confidentiality and integrity of transmitted information, reducing the risk of attackers obtaining session tokens via network sniffing.

NVD Description

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.

Deeper analysis (AI-generated)

CVE-2024-45386 is a session management vulnerability (CWE-613) affecting multiple Siemens industrial automation products, including SIMATIC PCS neo V4.0 (all versions), SIMATIC PCS neo V4.1 (all versions prior to V4.1 Update 2), SIMATIC PCS neo V5.0 (all versions prior to V5.0 Update 1), SIMOCODE ES V19 (all versions prior to V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (all versions prior to V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (all versions prior to V19 Update 1), and TIA Administrator (all versions prior to V3.0.4). The flaw occurs because these products fail to properly invalidate user sessions upon logout, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A remote unauthenticated attacker who obtains a session token through other means (such as network sniffing or shoulder surfing) can exploit this vulnerability by replaying the token to impersonate the legitimate user even after that user has logged out. Exploitation requires user interaction (UI:R), but a successful attack fully compromises the confidentiality, integrity, and availability of the affected system (C:H/I:H/A:H).
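The defect described above (server-side session state that outlives logout) and the AC-12 remedy (invalidate the record on logout and enforce idle and absolute timeouts) can be shown side by side. The following is an added illustration written for this page, not code from Siemens, from the affected products, or from this page's author; the store classes, method names, and timeout values are assumptions chosen for the demonstration.

```python
"""Session-store comparison for CWE-613 (Insufficient Session Expiration).

Added example; the classes, names and timeouts below are assumptions for
illustration, not the design of any product named on this page.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: str
    created: float    # absolute-lifetime reference
    last_seen: float  # idle-timeout reference


class WeakSessionStore:
    """The CWE-613 pattern: logout only tells the client to drop its cookie.

    The server-side record is never removed, so any copy of the token keeps
    authenticating after the user believes the session is over.
    """

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        now = time.time()
        self._sessions[token] = Session(user, now, now)
        return token

    def logout(self, token: str) -> None:
        # Server-side no-op: a real app would only send an expiring Set-Cookie.
        pass

    def authenticate(self, token: str) -> Optional[str]:
        s = self._sessions.get(token)
        return s.user if s else None


class HardenedSessionStore:
    """Server-side invalidation on logout plus idle and absolute timeouts.

    These are the 'logout or defined conditions' that AC-12 asks for.
    """

    def __init__(self, idle_timeout: float = 900.0,
                 absolute_timeout: float = 8 * 3600.0,
                 clock: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Session] = {}
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._clock = clock  # injectable for deterministic testing

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[token] = Session(user, now, now)
        return token

    def logout(self, token: str) -> None:
        # Delete the server-side record so a copied token cannot be replayed.
        self._sessions.pop(token, None)

    def authenticate(self, token: str) -> Optional[str]:
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if (now - s.last_seen > self.idle_timeout
                or now - s.created > self.absolute_timeout):
            self._sessions.pop(token, None)  # expired: remove it on first sight
            return None
        s.last_seen = now
        return s.user


def replay_after_logout(store_cls) -> bool:
    """Regression check: does a token copied before logout still work after it?"""
    store = store_cls()
    token = store.login("operator")
    copied = token  # stands in for a token captured by some other means
    store.logout(token)
    return store.authenticate(copied) is not None


if __name__ == "__main__":
    print("weak store replayable:", replay_after_logout(WeakSessionStore))
    print("hardened store replayable:", replay_after_logout(HardenedSessionStore))
```

The `replay_after_logout` check is the kind of test a product team can keep in CI for this class of bug: log in, keep a copy of the token, log out, and assert that the copy no longer authenticates. The hardened store also drops a record the first time it is seen past its idle or absolute limit, so expiry does not depend on a background sweeper running.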

Siemens security advisory SSA-342348, available at https://cert-portal.siemens.com/productcert/html/ssa-342348.html, provides details on the vulnerability and mitigation steps.

Details

CWE(s): CWE-613 (Insufficient Session Expiration)

Affected Products: inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-59786 (shared CWE-613)
CVE-2026-24912 (shared CWE-613)
CVE-2026-41902 (shared CWE-613)
CVE-2025-24973 (shared CWE-613)
CVE-2026-33417 (shared CWE-613)
CVE-2026-28275 (shared CWE-613)
CVE-2026-29092 (shared CWE-613)
CVE-2026-27649 (shared CWE-613)
CVE-2026-32663 (shared CWE-613)
CVE-2026-24669 (shared CWE-613)

References