CVE-2015-5698

Siemens SIMATIC S7-1200 <4.1.3 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5698. PoCs published by t4rkd3vilz.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Siemens SIMATIC S7-1200 CPU devices. It uses a simple HTML form to send a POST request to the target device, potentially allowing unauthorized actions.

Description

Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Exploits (1)

exploitdb WORKING POC
by t4rkd3vilz · textwebappslinux
https://www.exploit-db.com/exploits/44667

This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Siemens SIMATIC S7-1200 CPU devices. It uses a simple HTML form to send a POST request to the target device, potentially allowing unauthorized actions.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Siemens SIMATIC S7-1200 CPU family: All versions prior to V4.1.3
No auth needed
Prerequisites: Target device must be accessible via network · Victim must be tricked into submitting the form
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

EPSS 0.0334
EPSS Percentile 87.1%

Details

CWE
CWE-352
Status published
Products (2)
siemens/simatic_s7_1200_cpu
siemens/simatic_s7_1200_cpu_firmware < 4.1.2
Published Aug 30, 2015
Tracked Since Feb 18, 2026