PT-2024-7669 · Siemens · S7-1200 Cpu+2

David Henrique Estevam De Andrade

Published

2024-09-12

Updated

2024-10-13

CVE-2024-46886

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SIMATICS7-1500 and S7-1200 CPU family (affected versions not specified)

Description The web server of affected devices does not properly validate input used for user redirection, allowing an attacker to redirect a legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. The issue is related to the web server's ability to redirect users to unreliable sites, potentially allowing a remote attacker to redirect users to arbitrary URLs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

BDU:2024-09115

CVE-2024-46886

Affected Products

S7-1200 Cpu

S7-1500

Simatic

PT-2024-7669 · Siemens · S7-1200 Cpu+2

CVE-2024-46886

Weakness Enumeration

Related Identifiers

Affected Products

References · 8