CVE-2014-2249

Summary

CVE	CVE-2014-2249
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-03-16 14:06:00 UTC
Updated	2014-03-26 04:57:00 UTC
Description	Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Risk And Classification

Problem Types: CWE-352

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Siemens	Simatic S7-1500 Cpu Firmware	1.0.1	All	All	All
Operating System	Siemens	Simatic S7-1500 Cpu Firmware	1.1.0	All	All	All
Operating System	Siemens	Simatic S7-1500 Cpu Firmware	1.1.1	All	All	All
Operating System	Siemens	Simatic S7-1500 Cpu Firmware	1.0.1	All	All	All
Operating System	Siemens	Simatic S7-1500 Cpu Firmware	1.1.0	All	All	All
Operating System	Siemens	Simatic S7-1500 Cpu Firmware	1.1.1	All	All	All
Operating System	Siemens	Simatic S7-1500 Cpu Firmware	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf	CONFIRM	cert-portal.siemens.com
Siemens	CONFIRM	www.siemens.com	Patch, Vendor Advisory
Siemens SIMATIC S7-1200 Vulnerabilities \| ICS-CERT	MISC	ics-cert.us-cert.gov	US Government Resource
Siemens SIMATIC S7-1500 CPU Firmware Vulnerabilities \| ICS-CERT	MISC	ics-cert.us-cert.gov	US Government Resource
Siemens	CONFIRM	www.siemens.com
cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf	CONFIRM	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591110 Siemens SIMATIC S7-1200 Multiple Vulnerabilities (ICSA-14-079-02, SSA-654382)
591118 Siemens SIMATIC S7-1500 CPU family Multiple Vulnerabilities (ICSA-14-073-01,SSA-456423)