CVE-2018-13800

Published: Oct 10, 2018Modified: Nov 21, 2024

7.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Exploitability: 2.1 / Impact: 5.2

Source: NVD

Description

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.

Affected (1)

Products: Siemens: Simatic S7 1200 V4 Firmware

1 product

Simatic S7 1200 V4 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 V4 Firmware	Before 4.2.3

Running on/with	Platform Versions
Siemens Simatic S7 1200 V4	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.securityfocus.com/bid/105542

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf

Source: productcert@siemens.com

Vendor Advisory

http://www.securityfocus.com/bid/105542

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.