Lucene search
+L

4 matches found

nessus
nessus
added 2022/12/16 12:0 a.m.65 views

Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross- site request forgery attack. This plugin only works with Tenable.ot. Please visit...

6.5CVSS6.5AI score0.00294EPSS
Exploits0References3
osv
osv
added 2022/11/08 11:15 a.m.6 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/11/08 12:0 a.m.6 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References1
cve
cve
added 2022/11/08 12:0 a.m.136 views

CVE-2022-30694

Summary: CVE-2022-30694 is a CSRF vulnerability in the Siemens web server login endpoint "/FormLogin" that can allow an authenticated attacker to track other users’ activities by bypassing origin checks. The issue affects multiple Siemens products including SIMATIC Drive Controllers, SIMATIC ET 2...

6.5CVSS4.6AI score0.00294EPSS
Exploits0References1Affected Software3
Rows per page
Query Builder