Siemens S7-1200 Series PLC CPU < 4.0 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 139

Description

Siemens S7-1200 PLC central processing units (CPUs) prior to version 4.0 are vulnerable to cross-site request forgery (CSRF) via the web interface. An attacker may also be able to perform a Denial of Server (DoS) attack with specially crafted HTTP(S), ISO-TSAP, or Profinet network packets. Due to low entropy in its random number generator, the integrated web server’s authentication method (port 80/tcp and port 443/tcp) could allow attackers to hijack web sessions over the network if the session token can be predicted.

See Also

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf

http://www.industry.siemens.com/topics/global/en/industrial-security/news-alerts/Pages/alerts.aspx

Plugin Details

Severity: High

ID: 139

Family: SCADA

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

Reference Information

CVE: CVE-2014-2249, CVE-2014-2250, CVE-2014-2252, CVE-2014-2254, CVE-2014-2256, CVE-2014-2258

BID: 661996634466345975792816619520