Session Hijacking Vulnerability in SIMATIC MV540 and MV550 Series

Session Hijacking Vulnerability in SIMATIC MV540 and MV550 Series

CVE-2022-33137 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.

Learn more about our Cis Benchmark Audit For Apple Ios.