CSRF Vulnerability in Siemens SIMATIC S7-1200 CPU Devices
CVE-2015-5698

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic S7 1200 Cpu Firmware; Simatic S7 1200 Cpu
Vendor: CVE Published:; 30 August 2015

Summary

A CSRF vulnerability has been identified in the web server of Siemens SIMATIC S7-1200 CPU devices running firmware prior to version 4.1.3. This flaw enables remote attackers to manipulate the authentication of users, potentially leading to unauthorized actions. Attackers can exploit this vulnerability via unspecified methods, posing significant risks to the security of the networked systems using these devices.

References

http://www.securitytracker.com/id/1033419

vdb-entry

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 30, 2015
Vulnerability Reserved
Jul 29, 2015