CVE-2018-13800
HIGHSIMATIC S7-1200 CPU V4 < 4.2.3 - Authenticated Cross-Site Request Forgery
Title source: llmDescription
A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105542
Scores
CVSS v3
7.3
EPSS
0.0018
EPSS Percentile
39.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
siemens/simatic_s7-1200_v4_firmware
< 4.2.3
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026