Vulnerability Details CVE-2015-5698
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.099
EPSS Ranking 92.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html
- http://www.securitytracker.com/id/1033419
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02
- http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html
- http://www.securitytracker.com/id/1033419
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02
Products affected by CVE-2015-5698
-
cpe:2.3:h:siemens:simatic_s7_1200_cpu:-
-
cpe:2.3:o:siemens:simatic_s7_1200_cpu_firmware:4.0