QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-13800

Back to search

CVE-2018-13800

Published: Oct 10, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.

VendorProductVersions

Siemens AG

SIMATIC S7-1200 CPU family version 4

affected
All versions < V4.2.3

Weaknesses (CWE)

CWE-352

References

105542
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now