Vulnerabilities > CVE-2015-1048 - Open Redirection vulnerability in Siemens Simatic S7 1200 CPU Firmware 4.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

siemens

NVD

Published: 2015-01-21

Updated: 2020-02-10

Summary

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Simatic S7 1200 CPU Firmware 4.0	1
Hardware	Siemens Siemens Simatic S7 1200 CPU *	1

References

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf