
CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). The integrated webserver does not invalidate the Session ID upon user logout. An attacker that successfully extracted a valid Session ID is able to use it even after the user logs out.

• https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf
• CWE-384: Session Fixation
• CWE-613: Insufficient Session Expiration

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port 10005/tcp of the LOGO! device could cause a Denial-of-Service condition by sending specially crafted packets.

• https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer