Key Information

Vulnerability Description
Vulnerability ID: SSA-876787
Affected Products: SIMATIC S7-1500 and S7-1200 CPUs
Vulnerability Type: Open Redirect Vulnerability
Affected Versions: V1.0
CVSS v3.1 Base Score: 4.7
CVSS v4.0 Base Score: 5.1

Affected Scope
Affected Products and Versions:
- SIMATIC Drive Controller family
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
- SIMATIC S7-1200 CPU family V4 (incl. SIPLUS variants)
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
- SIMATIC S7-1500 Software Controller
- SIMATIC S7-PLCSIM Advanced

Solution
Recommended Actions:
- Upgrade to V3.1.4 or later
- Refer to the "Operation and Remediation" section for further recommendations

Operation and Remediation
Operation:
- The web server on affected devices does not properly validate input used for user redirection.
- Attackers can exploit this vulnerability to redirect legitimate users to URLs specified by the attacker.
Remediation:
- Do not click on links from unknown sources.

General Security Recommendations
Recommended Actions:
- Protect network access to devices with appropriate mechanisms.
- Configure the environment in accordance with Siemens Industrial Security Operational Guidelines.
- Follow recommendations in the product manual.

Product Description
Product Description:
- Describes the functionality and features of the affected products.

Additional Information
Contact Information:
- Contact Siemens ProductCERT for more information.

Historical Data
Release Date: 2024-10-08

Terms and Use
Terms and Use:
- Siemens Security Advisories are subject to the underlying license terms or other applicable agreements previously negotiated with Siemens. Where applicable, the terms and conditions of use for software or documentation provided in Siemens Security Advisories (the "Terms of Use") shall apply, particularly Sections 8–10 of the "Terms of Use". In case of conflict, license terms shall take precedence over the "Terms of Use".
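
As a check to support the "Do not click on links from unknown sources" remediation, the following added example (not part of the Siemens advisory) screens links taken from mail-gateway or proxy logs and flags any that point at a controller web server while carrying an off-device URL in a query parameter. The advisory does not name the affected parameter, so every parameter is inspected; the device inventory, hostnames, paths and the parameter name `next` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed inventory of controller web-server hosts (assumption, not from the advisory).
DEVICE_HOSTS = {"192.0.2.10", "plc-line1.example.internal"}

def embedded_target(value):
    """Return the host a parameter value would navigate to, or None for a local path."""
    # parse_qsl already decoded once; decode again to catch double-encoded values.
    v = unquote(value).strip().replace("\\", "/")  # browsers treat '\' like '/'
    try:
        if v.startswith("//"):                     # scheme-relative form: //host/path
            return urlsplit("http:" + v).hostname
        parts = urlsplit(v)
    except ValueError:                             # malformed authority, e.g. bad IPv6
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname
    return None

def flag_redirect_link(url):
    """Return [(parameter, external_host)] for a link to a known device, else []."""
    parts = urlsplit(url)
    host = parts.hostname
    if host is None or host not in DEVICE_HOSTS:
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        target = embedded_target(value)
        if target and target != host:              # same-device targets are not flagged
            findings.append((name, target))
    return findings

# Constructed sample links, as they might appear in a mail-gateway URL log.
SAMPLE_LINKS = [
    "https://192.0.2.10/index.html?next=%2Fstatus.html",
    "https://192.0.2.10/login?next=https%3A%2F%2Ffiles.example.net%2Fupdate",
    "https://plc-line1.example.internal/login?next=%2F%2Ffiles.example.net",
    "https://192.0.2.10/login?next=https%253A%252F%252Ffiles.example.net",
    "https://intranet.example.internal/?next=https://files.example.net",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        hits = flag_redirect_link(link)
        print("FLAG" if hits else "ok  ", link, hits)
```

A flagged link is a candidate for quarantine or analyst review; it does not by itself show that the device would follow the redirect.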