Your one-stop web resource providing safety and security information to manufacturers

Siemens created an update that mitigates an open redirect vulnerability in the SIMATIC S7-1200 CPU family, according to a report on ICS-CERT.

This remotely exploitable vulnerability ended up reported directly to Siemens by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training.

Siemens Updates Switch Vulnerabilities
Schneider Fixes HMI Gateway Holes
GE Updates CimView Application
GPS Clock Spoofing Vulnerability

SIMATIC S7-1200 CPU family: All versions prior to V4.1 suffers from the issue.

This vulnerability could allow an attacker to redirect users to untrusted sites under certain conditions.

Schneider Bold

Siemens is a multinational company headquartered in Munich, Germany.

Products in the Siemens SIMATIC S7-1200 CPU family are for discrete and continuous control in critical infrastructure sectors such as chemical, critical manufacturing, and food and agriculture.

The integrated web server (Port 80/TCP and Port 443/TCP) of the affected devices could allow an attacker to redirect users to untrusted web sites if unsuspecting users end up tricked to click on a malicious link.

CVE-2015-1048 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

No known public exploits specifically target this vulnerability. An attacker with a medium skill would be able to exploit this vulnerability.

Siemens provides the SIMATIC S7-1200 CPU firmware release V4.1, which fixes the vulnerability.

For more information on these vulnerabilities and detailed instructions, click on Siemens Security Advisory SSA-597212.

Pin It on Pinterest

Share This