As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 5.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 and S7-1200 CPUs
- Vulnerability: Open Redirect
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following SIMATIC S7-1500 and S7-1200 CPUs are affected:
- SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions prior to V3.1.4
- SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions prior to V3.1.4
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): all versions
- SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0): all versions
- SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0): all versions
- SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0): all versions
- SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0): all versions
- SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0): all versions
- SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0): all versions
- SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0): all versions
- SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0): all versions
- SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0): all versions
- SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: