N/A

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). The integrated webserver does not invalidate the Session ID upon user logout. An attacker that successfully extracted a valid Session ID is able to use it even after the user logs out. The security vulnerability could be exploited by an attacker in a privileged network position who is able to read the communication between the affected device and the user or by an attacker who is able to obtain valid Session IDs through other means. The user must invoke a session to the affected device. At the time of advisory publication no public exploitation of this security vulnerability was known.

N/A

会话固定

Siemens LOGO!8 代码问题漏洞

Siemens LOGO!8是德国西门子（Siemens）公司的一款可编程逻辑控制器。 Siemens LOGO!8中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。以下产品及版本受到影响：使用v1.80.xx和v1.81.xx版本固件的Siemens LOGO!8 6ED1052-xyyxx-0BA8 FS:01至FS:06，使用v1.82.02之前版本固件的Siemens LOGO!8 6ED1052-xyy08-0BA0 FS:01。

N/A

N/A