Siemens created an update that mitigates an open redirect vulnerability in the SIMATIC S7-1200 CPU family, according to a report on ICS-CERT.
This remotely exploitable vulnerability was reported directly to Siemens by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training.
All versions of the SIMATIC S7-1200 CPU family prior to V4.1 suffer from the issue.
This vulnerability could allow an attacker to redirect users to untrusted sites under certain conditions.
Siemens is a multinational company headquartered in Munich, Germany.
Products in the Siemens SIMATIC S7-1200 CPU family are for discrete and continuous control in critical infrastructure sectors such as chemical, critical manufacturing, and food and agriculture.
The integrated web server (Port 80/TCP and Port 443/TCP) of the affected devices could allow an attacker to redirect users to untrusted web sites if unsuspecting users are tricked into clicking a malicious link.
CVE-2015-1048 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.
No known public exploits specifically target this vulnerability. An attacker with medium skill would be able to exploit this vulnerability.
Siemens provides the SIMATIC S7-1200 CPU firmware release V4.1, which fixes the vulnerability.
For more information on this vulnerability and detailed instructions, see Siemens Security Advisory SSA-597212.