Siemens SIMATIC S7-1200 Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks : 8/30/2015 12:48:09 AM
Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >> From our sponsors |
Vulnerability Databse |
This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
Siemens SIMATIC S7-1200 Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks
8/30/2015 12:00:00 AM
Siemens SIMATIC S7-1200 Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks |
SecurityTracker Alert ID: 1033419 |
SecurityTracker URL: http://securitytracker.com/id/1033419 |
CVE Reference: CVE-2015-5698 (Links to External Site) |
Date: Aug 29 2015 |
Impact: Modification of user information |
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): S7-1200 firmware prior to 4.1.3 |
Description: A vulnerability was reported in Siemens SIMATIC S7-1200. A remote user can conduct cross-site request forgery attacks. A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will take actions on the target interface acting as the target user. Ralf Spenneberg, Hendrik Schwartke, and Maik Bruggemann from OpenSource Training reported this vulnerability. |
Impact: A remote user can take actions on the target system acting as the target authenticated user. |
Solution: The vendor has issued a fix (firmware update 4.1.3). The vendor's advisory is available at: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf |
Vendor URL: www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf (Links to External Site) |
Cause: Access control error, Input validation error |
Underlying OS: Windows (Any) |
|
Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Diberdayakan oleh Blogger.