CVE-2025-70973: n/a
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs in, allowing an attacker who knows the session ID to hijack an authenticated session.
AI Analysis
Technical Summary
CVE-2025-70973 identifies a session fixation vulnerability in ScadaBR version 1.12.4, a popular open-source SCADA and industrial automation platform. The vulnerability arises because the application assigns a JSESSIONID cookie to users before authentication but does not issue a new session identifier after successful login. This means that the session established prior to authentication remains valid and becomes authenticated once the user logs in. An attacker who can predict or obtain the victim's pre-login session ID can hijack the authenticated session, gaining unauthorized access to the victim's account and potentially sensitive control functions within the SCADA environment. The vulnerability does not require the attacker to authenticate or trick the user beyond the normal login process, making exploitation relatively straightforward if the session ID is known or intercepted. Although no public exploits are currently reported, the flaw represents a critical weakness in session management that could be leveraged in targeted attacks against industrial control systems. The lack of session ID regeneration violates best practices for secure session handling and exposes the system to session fixation attacks that compromise confidentiality and integrity of user sessions.
Potential Impact
The impact of this vulnerability is significant for organizations using ScadaBR in industrial control and critical infrastructure environments. Successful exploitation allows attackers to hijack authenticated sessions, potentially gaining unauthorized access to control systems, altering operational parameters, or disrupting industrial processes. This can lead to operational downtime, safety hazards, data breaches, and loss of control over critical infrastructure components. Because SCADA systems often manage essential services such as utilities, manufacturing, and transportation, the consequences of session hijacking can extend beyond IT systems to physical and economic impacts. The vulnerability undermines user session integrity and confidentiality, increasing the risk of insider-like attacks without requiring direct credential compromise. Organizations worldwide relying on ScadaBR for automation and monitoring face elevated risks of targeted attacks aiming to disrupt or manipulate industrial operations.
Mitigation Recommendations
To mitigate this vulnerability, organizations should implement the following specific measures:
- Upgrade ScadaBR to a version that properly regenerates session identifiers upon successful authentication, if available.
- If an upgrade is not immediately possible, implement custom session management controls to forcibly regenerate session IDs after login within the application or via web server configurations.
- Employ secure cookie attributes such as HttpOnly and Secure flags to reduce session interception risks.
- Monitor session activity for anomalies indicative of session fixation or hijacking attempts.
- Use network-level protections such as VPNs and encrypted communication channels to prevent session ID interception.
- Educate users and administrators about the risks of session fixation and encourage prompt logout after use.
- Conduct regular security assessments and penetration testing focused on session management controls.
These targeted actions go beyond generic advice by focusing on session regeneration and monitoring specific to the vulnerability's nature.
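The following is an added illustration, not ScadaBR code: a minimal server-side session model showing the login pattern the advisory describes (pre-login session simply marked authenticated) beside the mitigated pattern (fresh identifier issued on login, old identifier invalidated), plus a check that tells the two apart. The user table, session-store API and credential values are constructed for the example; in a real Servlet 3.1+ deployment the equivalent of the hardened branch is `HttpServletRequest.changeSessionId()` or invalidating and recreating the session after a successful login.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None          # None until authenticated
    attrs: Dict[str, str] = field(default_factory=dict)


class SessionStore:
    """Server-side table keyed by the JSESSIONID cookie value (constructed model)."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}

    def new_session(self) -> str:
        sid = secrets.token_hex(16)       # what the app hands an anonymous visitor
        self.sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self.sessions.get(sid)


USERS = {"operator": "correct horse"}    # constructed stand-in for the user database


def login_vulnerable(store: SessionStore, sid: str, user: str, password: str) -> str:
    """Advisory pattern: the pre-login session is marked authenticated in place,
    so anyone who already knows `sid` now holds a logged-in session."""
    if USERS.get(user) != password:
        raise PermissionError("bad credentials")
    store.sessions[sid].user = user
    return sid


def login_hardened(store: SessionStore, sid: str, user: str, password: str) -> str:
    """Mitigation: on success issue a new id, carry over pre-login state, and
    drop the old id so a fixed identifier never becomes authenticated."""
    if USERS.get(user) != password:
        raise PermissionError("bad credentials")
    old = store.sessions.pop(sid, None)   # old identifier is now invalid
    new_sid = store.new_session()
    store.sessions[new_sid].attrs = dict(old.attrs) if old else {}
    store.sessions[new_sid].user = user
    return new_sid


def fixation_check(login: Callable[[SessionStore, str, str, str], str]) -> bool:
    """True if an id issued before login still resolves to an authenticated
    session afterwards, i.e. the login routine is fixation-prone."""
    store = SessionStore()
    pre_login_sid = store.new_session()
    login(store, pre_login_sid, "operator", "correct horse")
    s = store.get(pre_login_sid)
    return s is not None and s.user is not None
```

The same before/after comparison of the session cookie is what a penetration test of item 7 above performs against the live application: the identifier returned with the login response must differ from the one set before it.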
Affected Countries
United States, Germany, Brazil, China, India, Russia, South Korea, France, Japan, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69b044ddea502d3aa870235f
Added to database: 3/10/2026, 4:20:45 PM
Last enriched: 3/10/2026, 4:22:28 PM
Last updated: 3/14/2026, 1:28:43 AM