CVE-2014-2249

Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
siemenssimatic_s7-1500_cpu_firmware
𝑥
≤ 1.1.2
siemenssimatic_s7-1500_cpu_firmware
1.0.1
siemenssimatic_s7-1500_cpu_firmware
1.1.0
siemenssimatic_s7-1500_cpu_firmware
1.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf