Siemens SIMATIC S7-1200 2.x < 4.x Header Injection

medium Nessus Network Monitor Plugin ID 720049

Synopsis

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices allows for arbitrary HTTP header injection.

Description

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-14-114-02,http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02,http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf

Plugin Details

Severity: Medium

ID: 720049

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

Patch Publication Date: 4/24/2014

Vulnerability Publication Date: 4/24/2014

Reference Information

CVE: CVE-2014-2909