CVE-2024-46886
published 2024-10-08CVE-2024-46886: The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server…
medium5.1CVSS 4.0
AVNACLATNPRNUIAVCNVINVANSCNSILSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
Affected
144 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_drive_controller_cpu_1504d_tf | < V3.1.4 | V3.1.4 |
| siemens | simatic_drive_controller_cpu_1507d_tf | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1510sp-1_pn | < V2.9.8 | V2.9.8 |
| siemens | simatic_et_200sp_cpu_1510sp-1_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1510sp_f-1_pn | < V2.9.8 | V2.9.8 |
| siemens | simatic_et_200sp_cpu_1510sp_f-1_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1512sp-1_pn | < V2.9.8 | V2.9.8 |
| siemens | simatic_et_200sp_cpu_1512sp-1_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1512sp_f-1_pn | < V2.9.8 | V2.9.8 |
| siemens | simatic_et_200sp_cpu_1512sp_f-1_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1514sp-2_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1514sp_f-2_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1514spt-2_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_cpu_1514spt_f-2_pn | < V3.1.4 | V3.1.4 |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc2_v2_cpus_windows_os | < V21.9.8 | V21.9.8 |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc2_v3_cpus_industrial_os | < V31.1.4 | V31.1.4 |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc2_v3_cpus_windows_os | < V31.1.4 | V31.1.4 |
| siemens | simatic_s7-1200_cpu_1211c_ac_dc_rly | < V4.7.0 | V4.7.0 |
| siemens | simatic_s7-1200_cpu_1211c_dc_dc_dc | < V4.7.0 | V4.7.0 |
| siemens | simatic_s7-1200_cpu_1211c_dc_dc_rly | < V4.7.0 | V4.7.0 |
| siemens | simatic_s7-1200_cpu_1212c_ac_dc_rly | < V4.7.0 | V4.7.0 |
| siemens | simatic_s7-1200_cpu_1212c_dc_dc_dc | < V4.7.0 | V4.7.0 |
| siemens | simatic_s7-1200_cpu_1212c_dc_dc_rly | < V4.7.0 | V4.7.0 |
| siemens | simatic_s7-1200_cpu_1212fc_dc_dc_dc | < V4.7.0 | V4.7.0 |
| siemens | simatic_s7-1200_cpu_1212fc_dc_dc_rly | < V4.7.0 | V4.7.0 |