Cross-Site Request Forgery Vulnerability in Siemens SIMATIC S7 PLC Devices
CVE-2014-2249

Currently unrated

Key Information:

Vendor
Siemens
Status
Simatic S7-1500 Cpu Firmware
Vendor
CVE Published:
16 March 2014

Summary

A cross-site request forgery (CSRF) vulnerability in Siemens SIMATIC S7-1500 and S7-1200 CPU PLC devices allows remote attackers to compromise the authentication of users. This occurs through exploitation of unknown vectors in devices running firmware prior to the specified versions, potentially enabling unauthorized access and control.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...
x_refsource_CONFIRM
http://www.siemens.com/innovation/pool/de/forschungsfelde...
x_refsource_CONFIRM
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.