Siemens SIMATIC S7-1200 CPU Open Redirection Vulnerability (CVE-2015-1048)
Release date:
Updated on:
Affected Systems:
Siemens SIMATIC S7-1200 CPU <V4.1
Description:
Bugtraq id: 72282
CVE (CAN) ID: CVE-2015-1048
The SIMATIC S7-1200 is a programmable controller that enables simple but highly precise automation tasks.
The integrated web server (ports 80/tcp and 443/tcp) of Siemens SIMATIC S7-1200 CPU devices running firmware earlier than 4.1 has an open redirection vulnerability. Remote attackers can exploit this vulnerability to redirect victims to any website for phishing attacks.
<* Source: Ralf w.neberg
Link: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf
*>
Suggestion:
Vendor patch:
Siemens
-------
Siemens has released a Security Bulletin (SSA-597212) and patches for this:
SSA-597212: Web Vulnerability in SIMATIC S7-1200 CPU
Link: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf
Patch download: http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=106200276&caller=view