CVE-2014-2248

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
siemenssimatic_s7-1500_cpu_firmware
𝑥
≤ 1.1.2
siemenssimatic_s7-1500_cpu_firmware
1.0.1
siemenssimatic_s7-1500_cpu_firmware
1.1.0
siemenssimatic_s7-1500_cpu_firmware
1.1.1
𝑥
= Vulnerable software versions
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
http://www.securityfocus.com/bid/66190
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
http://www.securityfocus.com/bid/66190
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf