Unrated severityNVD Advisory· Published Oct 10, 2018· Updated Sep 16, 2024

CVE-2018-13800

Description

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.

Affected products

Siemens Foundation/SIMATIC S7-400 CPU familyllm-fuzzy
Range: <4.2.3
Siemens AG/SIMATIC S7-1200 CPU family version 4v5
Range: All versions < V4.2.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/105542mitrevdb-entryx_refsource_BID
cert-portal.siemens.com/productcert/pdf/ssa-507847.pdfmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000