CVE-2018-13800

Name of the Vulnerable Software and Affected Versions SIMATIC S7-1200 CPU family versions prior to V4.2.3

Description A security issue has been identified that could allow a Cross-Site Request Forgery (CSRF) attack through the web interface. This attack requires user interaction by a legitimate user who must be authenticated to the web interface. If successful, an attacker could trigger actions via the web interface that the legitimate user is allowed to perform, potentially allowing the attacker to read or modify parts of the device configuration.

Recommendations For SIMATIC S7-1200 CPU family versions prior to V4.2.3, update to version V4.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.