Summaryinfo

A vulnerability was found in Siemens SIMATIC S7 1200 Cpu. It has been declared as problematic. This affects an unknown function. Such manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2015-1048. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Siemens SIMATIC S7 1200 Cpu (SCADA Software). Using CWE to declare the problem leads to CWE-601. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. Impacted is integrity. CVE summarizes:

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

The weakness was published 01/21/2015 (Website). The advisory is available at siemens.com. This vulnerability is handled as CVE-2015-1048 since 01/12/2015. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1204.001 by the MITRE ATT&CK project.

Upgrading to version 4.0 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• SCADA Software

Vendor

• Siemens

Name

• SIMATIC S7 1200 Cpu

License

• commercial

Website

• Vendor: https://www.siemens.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion