CVE-2014-2249

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

5.8MEDIUM

EPSS

0.2%

top 60.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic S7-1500 CPU Firmware

Timeline

PublishedMar 16

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDsiemens/simatic_s7-1500_cpu_firmware1.1.2+3

Patches

Patch: www.siemens.com ↗Patch: www.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-xgc5-jhvr-xfh8: Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1↗2022-05-17

▶

CVEList

CVE-2014-2249: Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1↗2014-03-16

▶