Siemens SIMATIC S7-1200 CPU Web Vulnerability
Low Risk | ICS-CERT ICSA-15-022-01 | Oct 25, 2015
Summary
The SIMATIC S7-1200 CPU web interface contains an open redirect vulnerability (CWE-601) in firmware versions prior to V4.1. An attacker can craft a malicious URL that redirects users to arbitrary external sites, potentially for credential theft or malware delivery. The web interface does not properly validate redirect parameters.
What this means
What could happen
An attacker with network access to the S7-1200 CPU's web interface could perform open redirect attacks, potentially tricking operators into visiting malicious sites or facilitating phishing attacks against authorized users.
Who's at risk
Water treatment facilities and municipal electric utilities relying on SIMATIC S7-1200 PLCs for process control, especially those where the CPU web interface is used for remote monitoring or configuration by engineering staff.
How it could be exploited
An attacker crafts a malicious link to the S7-1200 CPU's web interface that contains a redirect parameter. When an authorized operator clicks the link, the browser is redirected to an attacker-controlled website. This can be used for credential harvesting or malware distribution.
Prerequisites
- Network access to the S7-1200 CPU web interface (typically port 80/443)
- A valid operator who clicks a crafted malicious link
remotely exploitable | low complexity | affects control system availability through social engineering
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC S7-1200 CPU family: <V4.1 | <V4.1 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the S7-1200 CPU web interface using firewalls or network segmentation. Only allow authorized engineering workstations or admin machines to reach the web port.
WORKAROUND: Disable the web interface on the S7-1200 CPU if it is not required for operations.
Mitigations - no patch available
SIMATIC S7-1200 CPU family: <V4.1 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Train operators to verify URLs before clicking links that originate from or reference the CPU interface.
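Because no patch exists, a detective control can back up the training step. The following is an added example, not part of the advisory or of any Siemens tooling: it scans web proxy log lines for requests to the PLC web interface in which any query parameter points at a foreign host. The log format, PLC addresses, path and parameter names are assumptions; the advisory does not name the affected parameter, so every parameter is checked.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: names/addresses under which the PLC web interface is reached.
PLC_HOSTS = {"192.0.2.10", "plc1.example.internal"}

# Constructed proxy log lines: "<timestamp> <client> <method> <url>".
# The path and parameter names are hypothetical; the advisory names neither.
SAMPLE_LOG = """\
2015-10-25T08:01:12Z 10.0.5.21 GET http://192.0.2.10/index.html?lang=en
2015-10-25T08:03:40Z 10.0.5.33 GET http://192.0.2.10/page?next=http%3A%2F%2Flogin.example.net%2Fs7
2015-10-25T08:04:02Z 10.0.5.33 GET http://192.0.2.10/page?next=%252F%252Flogin.example.net
2015-10-25T08:05:19Z 10.0.5.21 GET http://192.0.2.10/page?next=http://192.0.2.10/status
2015-10-25T08:06:55Z 10.0.5.40 GET http://intranet.example.internal/?u=http://example.org/
"""

def fully_unquote(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (double-encoded links)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def external_target(value):
    """Return the foreign host a parameter value points at, else None."""
    value = fully_unquote(value).strip().replace("\\", "/")
    if not re.match(r"(?:[a-z][a-z0-9+.-]*:)?//", value, re.I):
        return None  # relative path or plain value: stays on the PLC
    host = urlsplit(value).hostname
    return host if host and host not in PLC_HOSTS else None

def find_redirect_attempts(log_text):
    """Return (timestamp, client, parameter, foreign_host) per suspicious hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue
        ts, client, _method, url = parts
        target = urlsplit(url)
        if target.hostname not in PLC_HOSTS:
            continue  # only requests addressed to the PLC web interface
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            host = external_target(value)
            if host:
                hits.append((ts, client, name, host))
    return hits
```

On the sample data, only the two requests whose parameter resolves to login.example.net are reported; the same-host redirect and the request to a different server are ignored.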
CVEs (1)