CVE-2014-2249

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0 Siemens SIMATIC S7-1200 CPU PLC devices versions prior to 4.0

Description A cross-site request forgery (CSRF) issue affects the software, allowing remote attackers to hijack the authentication of victims via unknown vectors. The vulnerability is also described as affecting the embedded server of the Simatic S7-1200 programmable logic controller, specifically on port 80 TCP and port 443 TCP, enabling cross-site request forgery.

Recommendations For Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0, update the firmware to version 1.5.0 or later. For Siemens SIMATIC S7-1200 CPU PLC devices versions prior to 4.0, update the firmware to version 4.0 or later.