CVE-2024-43099

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El ataque de secuestro de sesión tiene como objetivo el mecanismo de control de la capa de aplicación, que gestiona las sesiones autenticadas entre un PC host y un PLC. Durante dichas sesiones, se utiliza una clave de sesión para mantener la seguridad. Sin embargo, si un atacante captura esta clave de sesión, puede inyectar tráfico en una sesión autenticada en curso. Para lograrlo con éxito, el atacante también necesita falsificar tanto la dirección IP como la dirección MAC del host de origen, lo que es típico de un ataque basado en sesiones.

13 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-13 17:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-43099

Mitre link : CVE-2024-43099

CVE.ORG link : CVE-2024-43099

JSON object : View

Products Affected

No product.

CWE

CWE-294

Authentication Bypass by Capture-replay

{"id": "CVE-2024-43099", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-09-13T17:15:12.527", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack."}, {"lang": "es", "value": "El ataque de secuestro de sesi\u00f3n tiene como objetivo el mecanismo de control de la capa de aplicaci\u00f3n, que gestiona las sesiones autenticadas entre un PC host y un PLC. Durante dichas sesiones, se utiliza una clave de sesi\u00f3n para mantener la seguridad. Sin embargo, si un atacante captura esta clave de sesi\u00f3n, puede inyectar tr\u00e1fico en una sesi\u00f3n autenticada en curso. Para lograrlo con \u00e9xito, el atacante tambi\u00e9n necesita falsificar tanto la direcci\u00f3n IP como la direcci\u00f3n MAC del host de origen, lo que es t\u00edpico de un ataque basado en sesiones."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "ics-cert@hq.dhs.gov"}