Attackers Can Redirect Users to Malicious URLs via Insecure Input Validation
CVE-2024-46886

5.1MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Drive Controller Cpu 1504d Tf; Simatic Drive Controller Cpu 1507d Tf; Simatic Et 200sp Cpu 1510sp F-1 Pn; Simatic Et 200sp Cpu 1510sp-1 Pn
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-46886?

The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

Affected Version(s)

SIMATIC Drive Controller CPU 1504D TF 0

SIMATIC Drive Controller CPU 1507D TF 0

SIMATIC ET 200SP CPU 1510SP F-1 PN 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8767...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 12, 2024

Siemens

What is CVE-2024-46886?

Affected Version(s)

References

CVSS V4

Timeline