CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Percentile: 34.4%

The login endpoint /FormLogin in affected web services does not apply proper origin checking.
This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | simatic_s7-1500_software_controller | - | cpe:2.3:a:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:* |
siemens | simatic_s7-plcsim_advanced | - | cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:-:*:*:*:*:*:*:* |
siemens | simatic_wincc_runtime | - | cpe:2.3:a:siemens:simatic_wincc_runtime:-:*:*:*:advanced:*:*:* |
siemens | 6es7154-8fb01-0ab0 | - | cpe:2.3:h:siemens:6es7154-8fb01-0ab0:-:*:*:*:*:*:*:* |
siemens | 6es7154-8fb01-0ab0_firmware | * | cpe:2.3:o:siemens:6es7154-8fb01-0ab0_firmware:*:*:*:*:*:*:*:* |
siemens | 6es7154-8ab01-0ab0 | - | cpe:2.3:h:siemens:6es7154-8ab01-0ab0:-:*:*:*:*:*:*:* |
siemens | 6es7154-8ab01-0ab0_firmware | * | cpe:2.3:o:siemens:6es7154-8ab01-0ab0_firmware:*:*:*:*:*:*:*:* |
siemens | 6es7154-8fx00-0ab0 | - | cpe:2.3:h:siemens:6es7154-8fx00-0ab0:-:*:*:*:*:*:*:* |
siemens | 6es7154-8fx00-0ab0_firmware | * | cpe:2.3:o:siemens:6es7154-8fx00-0ab0_firmware:*:*:*:*:*:*:*:* |
siemens | 6es7151-8ab01-0ab0 | - | cpe:2.3:h:siemens:6es7151-8ab01-0ab0:-:*:*:*:*:*:*:* |