CVE-2015-5698
Summary
| CVE | CVE-2015-5698 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2015-08-30 14:59:00 UTC |
|---|
| Updated | 2023-05-15 17:15:00 UTC |
|---|
| Description | Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Siemens SIMATIC S7-1200 CSRF Vulnerability | ICS-CERT |
MISC |
ics-cert.us-cert.gov |
Third Party Advisory, US Government Resource |
| Siemens SIMATIC S7-1200 Cross Site Request Forgery ≈ Packet Storm |
MISC |
packetstormsecurity.com |
|
| Siemens SIMATIC S7-1200 Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker |
SECTRACK |
www.securitytracker.com |
|
| Siemens |
CONFIRM |
www.siemens.com |
Patch, Vendor Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf |
CONFIRM |
cert-portal.siemens.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591285 Siemens SIMATIC S7-1200 Cross-Site Request Forgery (CSRF) Vulnerability (ICSA-15-239-02, SSA-134003)
