CVE-2022-30694
CVSS V2 None
CVSS V3 Low 3.5
Description
The login endpoint /FormLogin in affected web services does not apply proper origin checking.
This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
Overview
- CVE ID
- CVE-2022-30694
- Assigner
- productcert@siemens.com
- Vulnerability Status
- Modified
- Published Version
- 2022-11-08T11:15:10
- Last Modified Date
- 2023-04-11T10:15:14
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:simatic_wincc_runtime:-:*:*:*:advanced:*:*:* | 1 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7154-8fb01-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7154-8fb01-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7154-8ab01-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7154-8ab01-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7154-8fx00-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7154-8fx00-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7151-8ab01-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7151-8ab01-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7151-8fb01-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7151-8fb01-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7314-6eh04-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.3.19 | |
| cpe:2.3:h:siemens:6es7314-6eh04-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7315-2eh14-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7315-2eh14-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7315-2fj14-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7315-2fj14-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7315-7tj10-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7315-7tj10-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7317-2ek14-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7317-2ek14-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7317-2fk14-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7317-2fk14-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7317-7tk10-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7317-7tk10-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7317-7ul10-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7317-7ul10-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7318-3el01-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7318-3el01-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6es7318-3fl01-0ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6es7318-3fl01-0ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6ag1151-8ab01-7ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6ag1151-8ab01-7ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6ag1151-8fb01-2ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6ag1151-8fb01-2ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6ag1314-6eh04-7ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.3.19 | |
| cpe:2.3:h:siemens:6ag1314-6eh04-7ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6ag1315-2eh14-7ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6ag1315-2eh14-7ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6ag1315-2fj14-2ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6ag1315-2fj14-2ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6ag1317-2ek14-7ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6ag1317-2ek14-7ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:6ag1317-2fk14-2ab0_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2.19 | |
| cpe:2.3:h:siemens:6ag1317-2fk14-2ab0:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:sinumerik_one_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_pcs_firmware:*:*:*:*:*:*:*:* | 1 | OR | 2.1 | |
| cpe:2.3:h:siemens:simatic_pcs:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_drive_controller_cpu_1504d_tf:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_drive_controller_cpu_1507d_tf:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_v7_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-400_pn\/dp_v7:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_v6_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-400_pn\/dp_v6:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1507s_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1507s_f_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s_f:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1508s_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1508s_f_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s_f:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511f-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511f-1_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511t-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511t-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511tf-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512sp-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512sp-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512spf-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512spf-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513f-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513f-1_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513r-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513r-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_151511c-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_151511c-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_151511f-1_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_151511f-1:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515f-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515f-2_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515r-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515t-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515t-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515tf-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515tf-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_pn\/dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn\/dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516f-3_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516f-3_pn\/dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3_pn\/dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro_f:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516t-3_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516t-3:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516tf-3:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_pn\/dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn\/dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517f-3_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517f-3_pn\/dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3_pn\/dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517tf-3_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517tf-3:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518hf-4_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518hf-4:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518t-4_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518t-4:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518tf-4_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518tf-4:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_15pro-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_15pro-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_15prof-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_15prof-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_cpu_1513pro-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_cpu_1513pro-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1500_cpu_cpu_1513prof-2_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1500_cpu_cpu_1513prof-2:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1211c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1211c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1212c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1212c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1212fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1212fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1214c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1214c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1214fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1214fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1215c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1215c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1215fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1215fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1217c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1217c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215fc_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215fc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 3.5
- Base Severity
- LOW
- Exploitability Score
- 2.1
- Impact Score
- 1.4
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-30694 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30694 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-11-08 12:00:17 | Added to TrackCVE | |||
| 2022-12-07 17:26:54 | 2022-11-08T11:15Z | 2022-11-08T11:15:10 | CVE Published Date | updated |
| 2022-12-07 17:26:54 | 2022-11-09T16:33:07 | CVE Modified Date | updated | |
| 2022-12-07 17:26:54 | Analyzed | Vulnerability Status | updated | |
| 2022-12-07 17:27:00 | CPE Information | updated | ||
| 2022-12-13 16:17:39 | 2022-12-13T16:15:18 | CVE Modified Date | updated | |
| 2022-12-13 16:17:39 | Analyzed | Modified | Vulnerability Status | updated |
| 2022-12-13 16:17:39 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | Description | updated |
| 2022-12-13 17:20:33 | 2022-12-13T17:15:14 | CVE Modified Date | updated | |
| 2022-12-13 17:20:33 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | Description | updated |
| 2023-01-10 12:19:58 | 2023-01-10T12:15:17 | CVE Modified Date | updated | |
| 2023-01-10 12:19:58 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | Description | updated |
| 2023-04-11 12:13:29 | 2023-04-11T10:15:14 | CVE Modified Date | updated | |
| 2023-04-11 12:13:30 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | Description | updated |