David Henrique Estevam De Andrade

Name of the Vulnerable Software and Affected Versions: Web server (affected versions not specified) Description: The login functionality of the web server does not normalize the response times of login attempts, allowing an unauthenticated remote attacker to exploit this side-channel information to distinguish between valid and invalid usernames. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SIMATIC S7-1200 CPU versions 1211C through 1217C SIPLUS S7-1200 CPU versions 1212 through 1215 Description: The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link. Recommendations: For SIMATIC S7-1200 CPU versions 1211C through 1217C, restrict access to the web interface to minimize the risk of exploitation. For SIPLUS S7-1200 CPU versions 1212 through 1215, consider disabling the web interface until a patch is available. As a temporary workaround, avoid using the web interface for critical operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SIMATICS7-1500 and S7-1200 CPU family (affected versions not specified) **Description** The web server of affected devices does not properly validate input used for user redirection, allowing an attacker to redirect a legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. The issue is related to the web server's ability to redirect users to unreliable sites, potentially allowing a remote attacker to redirect users to arbitrary URLs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.