CVE-2014-2249

EUVD-2014-2288
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
siemenssimatic_s7-1500_cpu_firmware
𝑥
≤ 1.1.2
siemenssimatic_s7-1500_cpu_firmware
1.0.1
siemenssimatic_s7-1500_cpu_firmware
1.1.0
siemenssimatic_s7-1500_cpu_firmware
1.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf