Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.  

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Siemens S7-1200 PLC central processing units (CPUs) prior to version 4.0 are vulnerable to cross-site request forgery (CSRF) via the web interface. An attacker may also be able to perform a Denial of Server (DoS) attack with specially crafted HTTP(S), ISO-TSAP, or Profinet network packets. Due to low entropy in its random number generator, the integrated web server’s authentication method (port 80/tcp and port 443/tcp) could allow attackers to hijack web sessions over the network if the session token can be predicted.

Siemens SIMATIC S7 1500 programmable logic controllers (PLCs) prior to firmware version 1.5 have multiple vulnerabilities that may allow attackers to perform Denial of Service (DoS) attacks with specially crafted HTTP(S), ISO-TSAP, or Profinet network packets. The web server may also be vulnerable to cross-site request forgery (CSRF), cross-site scripting (XSS), header injection, open redirect attacks, and privilege escalation.

ID	Name	Product	Family	Severity
500269	Siemens SIMATIC S7-1500 & S7-1200 Cross-Site Request Forgery (CVE-2014-2249)	Tenable OT Security	Tenable.ot	high
720192	Siemens SIMATIC S7-1500 < 1.5 and S7-1200 PLCs < 4.0 Cross Site Request Forgery	Nessus Network Monitor	SCADA	medium
139	Siemens S7-1200 Series PLC CPU < 4.0 Multiple Vulnerabilities	Nessus Network Monitor	SCADA	high
134	Siemens SIMATIC S7 1500 Firmware < 1.5.0 Multiple Vulnerabilities	Nessus Network Monitor	SCADA	high

Detections

Analytics

CVE-2014-2249

high

Tenable Plugins

high

medium

high

high