cnvd - cnvd-2018-20531

cnvd-2018-20531

Vulnerability from cnvd

Title

SIEMENS SIMATIC S7-1200 CPU Family跨站请求伪造漏洞

Description

SIEMENS SIMATIC S7-1200 CPU Family设计用于工业环境中的离散和连续控制，例如制造业，食品和饮料以及全球化学工业。 SIEMENS SIMATIC S7-1200 CPU Family存在跨站请求伪造漏洞。允许攻击者读取或修改设备配置的某些部分。

Severity

高

Patch Name

SIEMENS SIMATIC S7-1200 CPU Family跨站请求伪造漏洞的补丁

Patch Description

SIEMENS SIMATIC S7-1200 CPU Family设计用于工业环境中的离散和连续控制，例如制造业，食品和饮料以及全球化学工业。 SIEMENS SIMATIC S7-1200 CPU Family存在跨站请求伪造漏洞。允许攻击者读取或修改设备配置的某些部分。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf

Impacted products

Name
SIEMENS SIMATIC S7-1200 CPU family <4.2.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-13800"
    }
  },
  "description": "SIEMENS SIMATIC S7-1200 CPU Family\u8bbe\u8ba1\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u4e2d\u7684\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\uff0c\u4f8b\u5982\u5236\u9020\u4e1a\uff0c\u98df\u54c1\u548c\u996e\u6599\u4ee5\u53ca\u5168\u7403\u5316\u5b66\u5de5\u4e1a\u3002\r\n\r\nSIEMENS SIMATIC S7-1200 CPU Family\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u6216\u4fee\u6539\u8bbe\u5907\u914d\u7f6e\u7684\u67d0\u4e9b\u90e8\u5206\u3002",
  "discovererName": "Lisa Fournet and Marl Joos from P3 communications Gmb",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20531",
  "openTime": "2018-10-10",
  "patchDescription": "SIEMENS SIMATIC S7-1200 CPU Family\u8bbe\u8ba1\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u4e2d\u7684\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\uff0c\u4f8b\u5982\u5236\u9020\u4e1a\uff0c\u98df\u54c1\u548c\u996e\u6599\u4ee5\u53ca\u5168\u7403\u5316\u5b66\u5de5\u4e1a\u3002\r\n\r\nSIEMENS SIMATIC S7-1200 CPU Family\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u6216\u4fee\u6539\u8bbe\u5907\u914d\u7f6e\u7684\u67d0\u4e9b\u90e8\u5206\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SIEMENS SIMATIC S7-1200 CPU Family\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS SIMATIC S7-1200 CPU family \u003c4.2.3"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-10",
  "title": "SIEMENS SIMATIC S7-1200 CPU Family\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2018-13800 (GCVE-0-2018-13800)

Vulnerability from cvelistv5

Published

2018-10-10 17:00

Modified

2024-09-16 20:53

Severity ?

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Summary

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105542	vdb-entry, x_refsource_BID