You are here

Siemens SIMATIC S7-1200 CPU Family Version 4 (ICSA-18-282-04) – Product Used in the Water and Wastewater and Energy Sectors

Siemens SIMATIC S7-1200 CPU Family Version 4 (ICSA-18-282-04) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, October 11, 2018 - 18:12
Categories:
Cybersecurity

The NCCIC has released an advisory on a cross-site request forgery (CSRF) vulnerability in SIMATIC S7-1200 CPU Version 4. All versions prior to 4.2.3 are affected. Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Siemens provides a firmware update (v4.2.3) and recommends users update to the new version. To reduce the risk, Siemens recommends users not visit other websites while being authenticated against the PLC. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.