PT-2024-30295 · Automationdirect · Directlogic H2-Dm1E+1

Daniel Davenport · Published 2024-09-13 · Updated 2024-11-19

CVE-2024-43099
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.

Description: The issue is a session hijacking attack on the application-layer control mechanism that manages authenticated sessions between a host PC and a Programmable Logic Controller (PLC). Each session is protected by a session key. An attacker who captures this session key can inject traffic into the ongoing authenticated session; to do so, the attacker must also spoof both the IP address and the MAC address of the originating host, which is typical of session-based attacks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
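Because the attacker spoofs both the IP and MAC address of the legitimate host, those fields look identical for both senders; what still differs is where the frames enter the network. The following detection sketch is an added example (not part of the advisory or of the vendor's product) that assumes switch or tap telemetry exposing, per frame, the ingress port and the session key carried by the host-to-PLC protocol; the record field names and sample values are constructed for this example.

```python
"""Flag PLC session keys seen from more than one ingress point.

Added example, not from the advisory. Field names (port, src_ip,
src_mac, key) are assumed for a hypothetical capture pipeline.
"""
from collections import defaultdict

# Constructed sample records: the legitimate host on switch port 1 holds
# session "k1" with the PLC; a second device on port 7 reuses the captured
# key while spoofing the host's IP and MAC. Port 2 is an unrelated session.
RECORDS = [
    {"t": 1.0, "port": 1, "src_ip": "192.0.2.10", "src_mac": "00:11:22:33:44:55", "key": "k1"},
    {"t": 2.0, "port": 1, "src_ip": "192.0.2.10", "src_mac": "00:11:22:33:44:55", "key": "k1"},
    {"t": 2.5, "port": 7, "src_ip": "192.0.2.10", "src_mac": "00:11:22:33:44:55", "key": "k1"},
    {"t": 3.0, "port": 1, "src_ip": "192.0.2.10", "src_mac": "00:11:22:33:44:55", "key": "k1"},
    {"t": 3.5, "port": 2, "src_ip": "192.0.2.11", "src_mac": "00:11:22:33:44:66", "key": "k2"},
]


def hijacked_sessions(records):
    """Return {session_key: sorted ingress ports} for keys seen on >1 port.

    A single authenticated session should originate from one physical
    location; the same key arriving via two ports indicates injection.
    """
    ports_by_key = defaultdict(set)
    for r in records:
        ports_by_key[r["key"]].add(r["port"])
    return {k: sorted(p) for k, p in ports_by_key.items() if len(p) > 1}


def spoofed_bindings(records):
    """Return {(ip, mac): sorted ports} for address pairs seen on >1 port.

    Independent of the session protocol: an (IP, MAC) pair moving between
    ports is the generic signature of the address spoofing the attack needs.
    """
    ports_by_addr = defaultdict(set)
    for r in records:
        ports_by_addr[(r["src_ip"], r["src_mac"])].add(r["port"])
    return {a: sorted(p) for a, p in ports_by_addr.items() if len(p) > 1}


if __name__ == "__main__":
    for key, ports in hijacked_sessions(RECORDS).items():
        print(f"ALERT session {key} seen from ports {ports}")
    for (ip, mac), ports in spoofed_bindings(RECORDS).items():
        print(f"ALERT {ip}/{mac} seen from ports {ports}")
```

On a network where port security or sticky MAC is enforced at the access layer, the second check doubles as a consistency test against the switch's own binding table.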

Weakness Enumeration

Related Identifiers

CVE-2024-43099

Affected Products

Directlogic H2-Dm1E
H2-Dm1E Firmware