CVE-2022-30694
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
08/11/2022
Last modified:
11/04/2023
Description
The login endpoint /FormLogin in affected web services does not apply proper origin checking.<br />
<br />
This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:simatic_wincc_runtime:-:*:*:*:advanced:*:*:* | ||
| cpe:2.3:o:siemens:6es7154-8fb01-0ab0_firmware:*:*:*:*:*:*:*:* | 3.2.19 (excluding) | |
| cpe:2.3:h:siemens:6es7154-8fb01-0ab0:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6es7154-8ab01-0ab0_firmware:*:*:*:*:*:*:*:* | 3.2.19 (excluding) | |
| cpe:2.3:h:siemens:6es7154-8ab01-0ab0:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6es7154-8fx00-0ab0_firmware:*:*:*:*:*:*:*:* | 3.2.19 (excluding) | |
| cpe:2.3:h:siemens:6es7154-8fx00-0ab0:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6es7151-8ab01-0ab0_firmware:*:*:*:*:*:*:*:* | 3.2.19 (excluding) | |
| cpe:2.3:h:siemens:6es7151-8ab01-0ab0:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6es7151-8fb01-0ab0_firmware:*:*:*:*:*:*:*:* | 3.2.19 (excluding) | |
| cpe:2.3:h:siemens:6es7151-8fb01-0ab0:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:6es7314-6eh04-0ab0_firmware:*:*:*:*:*:*:*:* | 3.3.19 (excluding) | |
| cpe:2.3:h:siemens:6es7314-6eh04-0ab0:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page