CVE-2015-5698 – Siemens SIMATIC S7-1200 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-5698
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en el servidor web en dispositivos Siemens SIMATIC S7-1200 CPU con firmware en versiones anteriores a 4.1.3, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores no especificados. Siemens SIMATIC S7-1200 suffers from a CPU functionality related cross site request forgery vulnerability. • http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html http://www.securitytracker.com/id/1033419 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-1048
https://notcve.org/view.php?id=CVE-2015-1048
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de la redirección abierta en el servidor web integrado en los dispositivos Siemens SIMATIC S7-1200 CPU con firmware anterior a 4.1 permite a atacantes remotos redirigir usuarios a sitios web arbitrarios ay realizar ataques de phishing a través de vectores no especifcados. • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf •