CVE-2024-46886

MEDIUM

SIMATIC Drive Controller and ET 200SP CPU - Open Redirect via Web Server Input

Title source: llm

Description

The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

References (1)

Core 1

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-876787.html

Scores

CVSS v3 4.7

EPSS 0.0009

EPSS Percentile 25.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (50)

Siemens/SIMATIC Drive Controller CPU 1504D TF < V3.1.4

Siemens/SIMATIC Drive Controller CPU 1507D TF < V3.1.4

Siemens/SIMATIC ET 200SP CPU 1510SP F-1 PN < V2.9.8

Siemens/SIMATIC ET 200SP CPU 1510SP F-1 PN < V3.1.4

Siemens/SIMATIC ET 200SP CPU 1510SP-1 PN < V2.9.8

Siemens/SIMATIC ET 200SP CPU 1510SP-1 PN < V3.1.4

Siemens/SIMATIC ET 200SP CPU 1512SP F-1 PN < V2.9.8

Siemens/SIMATIC ET 200SP CPU 1512SP F-1 PN < V3.1.4

Siemens/SIMATIC ET 200SP CPU 1512SP-1 PN < V2.9.8

Siemens/SIMATIC ET 200SP CPU 1512SP-1 PN < V3.1.4

... and 40 more

Published Oct 08, 2024

Tracked Since Feb 18, 2026