cbcvebase.
CVE-2022-30694
published 2022-11-08

CVE-2022-30694: The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the…

low3.5CVSS 3.1
AVNACLPRLUIRSUCLINAN
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

Affected

144 ranges· showing 25
VendorProductVersion rangeFixed in
siemens6ag1151-8ab01-7ab0_firmware< 3.2.193.2.19
siemens6ag1151-8fb01-2ab0_firmware< 3.2.193.2.19
siemens6ag1314-6eh04-7ab0_firmware< 3.3.193.3.19
siemens6ag1315-2eh14-7ab0_firmware< 3.2.193.2.19
siemens6ag1315-2fj14-2ab0_firmware< 3.2.193.2.19
siemens6ag1317-2ek14-7ab0_firmware< 3.2.193.2.19
siemens6ag1317-2fk14-2ab0_firmware< 3.2.193.2.19
siemens6es7151-8ab01-0ab0_firmware< 3.2.193.2.19
siemens6es7151-8fb01-0ab0_firmware< 3.2.193.2.19
siemens6es7154-8ab01-0ab0_firmware< 3.2.193.2.19
siemens6es7154-8fb01-0ab0_firmware< 3.2.193.2.19
siemens6es7154-8fx00-0ab0_firmware< 3.2.193.2.19
siemens6es7314-6eh04-0ab0_firmware< 3.3.193.3.19
siemens6es7315-2eh14-0ab0_firmware< 3.2.193.2.19
siemens6es7315-2fj14-0ab0_firmware< 3.2.193.2.19
siemens6es7315-7tj10-0ab0_firmware< 3.2.193.2.19
siemens6es7317-2ek14-0ab0_firmware< 3.2.193.2.19
siemens6es7317-2fk14-0ab0_firmware< 3.2.193.2.19
siemens6es7317-7tk10-0ab0_firmware< 3.2.193.2.19
siemens6es7317-7ul10-0ab0_firmware< 3.2.193.2.19
siemens6es7318-3el01-0ab0_firmware< 3.2.193.2.19
siemens6es7318-3fl01-0ab0_firmware< 3.2.193.2.19
siemenssimatic_drive_controller_cpu_1504d_tf
siemenssimatic_drive_controller_cpu_1507d_tf
siemenssimatic_et_200pro_im154-8_pn_dp_cpu