SecuriTricks - CVE-2024-47100

Description

A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link.

Product(s) Impacted

Product	Versions
SIMATIC S7-1200	1211C AC/DC/Rly (6ES7211-1BE40-0XB0) 1211C DC/DC/DC (6ES7211-1AE40-0XB0) 1211C DC/DC/Rly (6ES7211-1HE40-0XB0) 1212C AC/DC/Rly (6ES7212-1BE40-0XB0) 1212C DC/DC/DC (6ES7212-1AE40-0XB0) 1212C DC/DC/Rly (6ES7212-1HE40-0XB0) 1212FC DC/DC/DC (6ES7212-1AF40-0XB0) 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0) 1214C AC/DC/Rly (6ES7214-1BG40-0XB0) 1214C DC/DC/DC (6ES7214-1AG40-0XB0) 1214C DC/DC/Rly (6ES7214-1HG40-0XB0) 1214FC DC/DC/DC (6ES7214-1AF40-0XB0) 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0) 1215C AC/DC/Rly (6ES7215-1BG40-0XB0) 1215C DC/DC/DC (6ES7215-1AG40-0XB0) 1215C DC/DC/Rly (6ES7215-1HG40-0XB0) 1215FC DC/DC/DC (6ES7215-1AF40-0XB0) 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0) 1217C DC/DC/DC (6ES7217-1AG40-0XB0)

Product

Versions

SIMATIC S7-1200

1211C AC/DC/Rly (6ES7211-1BE40-0XB0)
1211C DC/DC/DC (6ES7211-1AE40-0XB0)
1211C DC/DC/Rly (6ES7211-1HE40-0XB0)
1212C AC/DC/Rly (6ES7212-1BE40-0XB0)
1212C DC/DC/DC (6ES7212-1AE40-0XB0)
1212C DC/DC/Rly (6ES7212-1HE40-0XB0)
1212FC DC/DC/DC (6ES7212-1AF40-0XB0)
1212FC DC/DC/Rly (6ES7212-1HF40-0XB0)
1214C AC/DC/Rly (6ES7214-1BG40-0XB0)
1214C DC/DC/DC (6ES7214-1AG40-0XB0)
1214C DC/DC/Rly (6ES7214-1HG40-0XB0)
1214FC DC/DC/DC (6ES7214-1AF40-0XB0)
1214FC DC/DC/Rly (6ES7214-1HF40-0XB0)
1215C AC/DC/Rly (6ES7215-1BG40-0XB0)
1215C DC/DC/DC (6ES7215-1AG40-0XB0)
1215C DC/DC/Rly (6ES7215-1HG40-0XB0)
1215FC DC/DC/DC (6ES7215-1AF40-0XB0)
1215FC DC/DC/Rly (6ES7215-1HF40-0XB0)
1217C DC/DC/DC (6ES7217-1AG40-0XB0)

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

https://cert-portal.siemens.com/productcert/html/ssa-717113.html

CVSS Score

7.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

View Vector String

Timeline

Published: Jan. 14, 2025, 11:15 a.m.
Last Modified: Jan. 14, 2025, 11:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CVE-2024-47100