cvelistv5 - cve-2015-5698

CVE-2015-5698 (GCVE-0-2015-5698)

Vulnerability from cvelistv5

Published

2015-08-30 00:00

Modified

2024-08-06 06:59

Severity ?

CWE

Summary

Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

References

►

URL

Tags

cve@mitre.org	http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html
cve@mitre.org	http://www.securitytracker.com/id/1033419
cve@mitre.org	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf	Patch, Vendor Advisory
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033419
af854a3a-2127-422b-91ae-364da2661108	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:03.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033419",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033419"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-15T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1033419",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033419"
        },
        {
          "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
        },
        {
          "url": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5698",
    "datePublished": "2015-08-30T00:00:00",
    "dateReserved": "2015-07-29T00:00:00",
    "dateUpdated": "2024-08-06T06:59:03.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5698\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-08-30T14:59:03.313\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de CSRF en el servidor web en dispositivos Siemens SIMATIC S7-1200 CPU con firmware en versiones anteriores a 4.1.3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7_1200_cpu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.1.2\",\"matchCriteriaId\":\"5876D57A-A65A-4968-BDDA-EAA7EEB8BFCB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7_1200_cpu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79270F18-B58F-4F16-ACAD-297AE91F27EB\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1033419\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033419\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

fkie_cve-2015-5698

Vulnerability from fkie_nvd

Published

2015-08-30 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html
cve@mitre.org	http://www.securitytracker.com/id/1033419
cve@mitre.org	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf	Patch, Vendor Advisory
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033419
af854a3a-2127-422b-91ae-364da2661108	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	siemens	simatic_s7_1200_cpu_firmware	*
	siemens	simatic_s7_1200_cpu	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7_1200_cpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5876D57A-A65A-4968-BDDA-EAA7EEB8BFCB",
              "versionEndIncluding": "4.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7_1200_cpu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "79270F18-B58F-4F16-ACAD-297AE91F27EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en el servidor web en dispositivos Siemens SIMATIC S7-1200 CPU con firmware en versiones anteriores a 4.1.3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-5698",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-30T14:59:03.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1033419"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

tid-322

Vulnerability from emb3d

Type

application-software

Link

Show details on source website

Description

If a threat actor can include malicious JavaScript within a page viewed by a legitimate device user, that script can send malicious authenticated HTTP requests (using XMLHttpRequest) to the device. Due to the Same Origin Policy defined by most web browsers, the HTTP requests sent to the device will include any valid session tokens the user/browser has previously established for that device. Therefore, this could be used to send malicious requests to a device to change key functions or configurations, including changing device credentials. This requires that the threat actor tricks the user into viewing another page while they have an authenticated session with the device.

CWE

CWE-352: Cross-Site Request Forgery (CSRF) (Compound)

gsd-2015-5698

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-5698

Aliases

CVE-2015-5698

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5698",
    "description": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.",
    "id": "GSD-2015-5698",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-5698"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5698"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.",
      "id": "GSD-2015-5698",
      "modified": "2023-12-13T01:20:06.210550Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-5698",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033419",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033419"
          },
          {
            "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
          },
          {
            "name": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7_1200_cpu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7_1200_cpu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5698"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
            },
            {
              "name": "1033419",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033419"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
            },
            {
              "name": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-05-15T17:15Z",
      "publishedDate": "2015-08-30T14:59Z"
    }
  }
}

ghsa-62q2-fh79-mxq5

Vulnerability from github

Published

2022-05-17 03:19

Modified

2022-05-17 03:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-30T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.",
  "id": "GHSA-62q2-fh79-mxq5",
  "modified": "2022-05-17T03:19:37Z",
  "published": "2022-05-17T03:19:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5698"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/172315/Siemens-SIMATIC-S7-1200-Cross-Site-Request-Forgery.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033419"
    },
    {
      "type": "WEB",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-5698 (GCVE-0-2015-5698)

Vulnerability from cvelistv5

fkie_cve-2015-5698

Vulnerability from fkie_nvd

tid-322

Vulnerability from emb3d

gsd-2015-5698

Vulnerability from gsd

ghsa-62q2-fh79-mxq5

Vulnerability from github

Tags

Sightings

Nomenclature