ID
VAR-202410-0118
CVE
CVE-2024-46886
TITLE
Siemens Multiple Products URL Redirection Vulnerability
Trust: 0.6
DESCRIPTION
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. SIMATIC Drive Controllers are designed for the automation of production machines and combine the functionality of the SIMATIC S7-1500 CPU and SINAMICS S120 drive control. The SIMATIC ET 200SP Open Controller is a PC-based version of the SIMATIC S7-1500 controller, including optional visualization as well as central I/O in a compact device. Both the SIMATIC S7-1200 CPU and the SIMATIC S7-1500 CPU are designed for discrete and continuous control in industrial environments such as the global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 MFP CPUs offer the functionality of standard S7-1500 CPUs and can run C/C++ code in the CPU runtime to execute your own functions/algorithms implemented in C/C++. The SIMATIC S7-1500 Software Controller is a SIMATIC software controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives
Trust: 1.44
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | simatic s7-plcsim advanced | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | simatic et 200sp open controller cpu 1515sp pc2 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-1500 cpu family | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-1500 software controller | scope: | eq | version: | v3 | Trust: 0.6 |
| vendor: | siemens | model: | simatic drive controller cpu 1504d tf | scope: | lt | version: | 3.1.4 | Trust: 0.6 |
| vendor: | siemens | model: | simatic drive controller cpu 1507d tf | scope: | lt | version: | 3.1.4 | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-1200 cpu family | scope: | eq | version: | v4 | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-1500 software controller | scope: | eq | version: | v2 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-601 | Trust: 1.0 |
PATCH
| title: | Patch for Siemens Multiple Products URL Redirection Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/598706 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-46886 | Trust: 1.6 |
| db: | SIEMENS | id: | SSA-876787 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2024-40007 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-876787.html | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2024-40007 |
| db: | NVD | id: | CVE-2024-46886 |
LAST UPDATE DATE
2024-10-18T03:55:34.708000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-40007 | date: | 2024-10-10T00:00:00 |
| db: | NVD | id: | CVE-2024-46886 | date: | 2024-10-10T12:56:30.817 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-40007 | date: | 2024-10-10T00:00:00 |
| db: | NVD | id: | CVE-2024-46886 | date: | 2024-10-08T09:15:16.093 |