CVE-2024-47100

CVE-2024-47100

Título es
CVE-2024-47100

Mar, 14/01/2025 – 11:15

Tipo
CWE-352

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-47100

Descripción es
Se ha identificado una vulnerabilidad en SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), CPU SIMATIC S7-1200 1212FC CC/CC/CC (6ES7212-1AF40-0XB0), CPU SIMATIC S7-1200 1212FC CC/CC/Reproducción (6ES7212-1HF40-0XB0), CPU SIMATIC S7-1200 1214C CA/CC/Reproducción (6ES7214-1BG40-0XB0), CPU SIMATIC S7-1200 1214C CC/CC/CC (6ES7214-1AG40-0XB0), CPU SIMATIC S7-1200 1214C CC/CC/Reproducción (6ES7214-1HG40-0XB0), CPU SIMATIC S7-1200 1214FC CC/CC/CC (6ES7214-1AF40-0XB0), CPU SIMATIC S7-1200 1214FC CC/CC/Reproducción (6ES7214-1HF40-0XB0), CPU SIMATIC S7-1200 1215C CA/CC/Reproducción (6ES7215-1BG40-0XB0), CPU SIMATIC S7-1200 1215C CC/CC/CC (6ES7215-1AG40-0XB0), CPU SIMATIC S7-1200 1215C CC/CC/Reproducción (6ES7215-1HG40-0XB0), CPU SIMATIC S7-1200 1215FC CC/CC/CC (6ES7215-1AF40-0XB0), CPU SIMATIC S7-1200 1215FC CC/CC/Reproducción (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C CC/CC/CC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 CA/CC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 CA/CC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 CC/CC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 CC/CC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C CC/CC/CC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C CC/CC/CC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C CC/CC/CC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 CA/CC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 CA/CC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 CA/CC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 CC/CC/CC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 CC/CC/CC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 CC/CC/CC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 CC/CC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 CC/CC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 CC/CC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C CC/CC/CC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC CC/CC/CC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC CC/CC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 CA/CC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 CA/CC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 CA/CC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 CC/CC/CC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 CC/CC/CC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 CC/CC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 CC/CC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 CC/CC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C CC/CC/CC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC CC/CC/CC (6AG1215-1AF40-5XB0). La interfaz web de los dispositivos afectados es vulnerable a ataques de Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante no autenticado cambie el modo de la CPU engañando a un usuario legítimo y autenticado con permisos suficientes en la CPU de destino para que haga clic en un enlace malicioso.

Descripción en
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link.

14/01/2025
14/01/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Gravedad 4.0
7.20

Gravedad 4.0 txt
HIGH

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-717113.html

    • Enviar en el boletín
    Off

    Jose Alexis Correa Valencia

    Consultor de sistemas informáticos avanzados con más de 25 años de experiencia en el sector privado. Su carrera se ha enfocado en el análisis y diseño de sistemas, la instalación y configuración de hardware y software, así como en la administración de redes para diversas empresas. Además, ha tenido el privilegio de ser capacitador en temáticas avanzadas, especializándose en el manejo de datos en línea, la seguridad de transacciones y los multimedios.

    Ver todas las entradas