PT-2025-2757 · Siemens · Simatic S7-1200 Cpu+1

David Henrique Estevam De Andrade · Published 2025-01-14 · Updated 2025-01-15 · CVE-2024-47100

CVSS v4.0: 7.2 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: SIMATIC S7-1200 CPU versions 1211C through 1217C; SIPLUS S7-1200 CPU versions 1212 through 1215
Description: The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link.
Recommendations: For SIMATIC S7-1200 CPU versions 1211C through 1217C, restrict access to the web interface to minimize the risk of exploitation. For SIPLUS S7-1200 CPU versions 1212 through 1215, consider disabling the web interface until a patch is available. As a temporary workaround, avoid using the web interface for critical operations until the issue is resolved.

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2025-01562
CVE-2024-47100

Affected Products

Simatic S7-1200 Cpu
Siplus S7-1200 Cpu