CVE-2024-43099

Sept. 14, 2024, 11:47 a.m.

8.8
High

Description

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.

Product(s) Impacted

Product Versions
UNKNOWN

Weaknesses

CWE-294
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17

Tags

ics-cert@hq.dhs.gov
CWE-294
2024-09-13
CVE-2024-43099

CVSS Score

8.8 / 10

CVSS Data

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: Sept. 13, 2024, 5:15 p.m.
  • Last Modified: Sept. 14, 2024, 11:47 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ics-cert@hq.dhs.gov

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.