CVE-2025-70973
MEDIUM 4.8
Description
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs in, allowing an attacker who knows the session ID to hijack an authenticated session.
CVE details
CVSS v3.1 score: 4.8
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 3/9/2026
Last modified: 3/11/2026
Source: nvd
Honeypot observations: 0
Weaknesses (CWE)
CWE-384
References
https://github.com/chiranjib2001/ScadaBR/blob/main/README.md (cve@mitre.org)
IOC correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.