Siemens mitigated a Cross-Site Request Forgery (CSRF) vulnerability in the SIMATIC S7 1200 CPUs, according to a report on ICS-CERT.
The remotely exploitable vulnerability went directly to Siemens from Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training.
SIMATIC S7-1200 CPU family: All versions prior to V4.1.3 suffer from the issue.
A successful exploit of this vulnerability could allow a remote attacker to perform actions with the permissions of a valid user.
Munich, Germany-based Siemens said the affected products, Siemens SIMATIC S7-1200 CPU family, are for discrete and continuous control in critical infrastructure. The SIMATIC S7 1200 CPUs deploy across several sectors including chemical, critical manufacturing, and food and agriculture. They also see action on a global basis.
The integrated web server (Port 80/TCP and Port 443/TCP) of the affected programmable logic controllers (PLCs) could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and triggers the malicious request.
CVE-2015- 5698 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
No known public exploit specifically targets this vulnerability. An attacker with medium skill would be able to exploit this vulnerability.
Siemens provides firmware update V4.1.3 for SIMATIC S7-1200 V4 CPUs which fixes the vulnerability and recommends customers to update to the new fixed version. There are two locations for the update: Site 1 and https://support.industry.siemens.com/cs/ww/en/ps/13686/dl.
As a general security measure Siemens recommends to protect network access to the web interface of S7-1200 CPUs with appropriate mechanisms. Siemens advises to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.
For more information on these vulnerabilities and detailed instructions, click here for Siemens Security Advisory SSA-134003.