PT-2018-12195 · Siemens · Simatic S7-1200 Cpu

Published

2018-10-10

Updated

2019-10-09

CVE-2018-13800

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions SIMATIC S7-1200 CPU family versions prior to V4.2.3

Description A security issue has been identified that could allow a Cross-Site Request Forgery (CSRF) attack through the web interface. This attack requires user interaction by a legitimate user who must be authenticated to the web interface. If successful, an attacker could trigger actions via the web interface that the legitimate user is allowed to perform, potentially allowing the attacker to read or modify parts of the device configuration.

Recommendations For SIMATIC S7-1200 CPU family versions prior to V4.2.3, update to version V4.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-13800

Affected Products

Simatic S7-1200 Cpu

PT-2018-12195 · Siemens · Simatic S7-1200 Cpu

CVE-2018-13800

Weakness Enumeration

Related Identifiers

Affected Products

References · 4