Description
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101259
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01
Scores
CVSS v3
5.6
EPSS
0.0091
EPSS Percentile
55.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-613
Status
published
Products (2)
n/a/ProMinent MultiFLEX M10a Controller
ProMinent MultiFLEX M10a Controller
prominent/multiflex_m10a_controller_firmware
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026