CSRF Vulnerability in Siemens SIMATIC S7-1200 CPUs
CVE-2024-47100

7.1HIGH

Key Information:

Vendor: Siemens
Vendor: CVE Published:; 14 January 2025

Summary

This vulnerability allows unauthenticated attackers to exploit the web interface of the affected Siemens SIMATIC S7-1200 CPUs. By utilizing Cross-Site Request Forgery (CSRF) techniques, an attacker could potentially manipulate CPU settings by tricking a legitimate user with sufficient permissions to click on a malicious link. This manipulation could lead to unauthorized changes in operational modes, significantly affecting system integrity and security.

References

https://cert-portal.siemens.com/productcert/html/ssa-7171...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025