CVE-2022-30694

Description

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Physical

Changed

Affected products

Siemens / SIMATIC Drive Controller CPU 1504D TFAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC Drive Controller CPU 1507D TFAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC ET 200pro IM154-8F PN/DP CPUAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC ET 200pro IM154-8FX PN/DP CPUAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC ET 200pro IM154-8 PN/DP CPUAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC ET 200S IM151-8F PN/DP CPUAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC ET 200S IM151-8 PN/DP CPUAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)All versions < V21.9.7 – All versions < V21.9.7
Siemens / SIMATIC PC StationAll versions >= V2.1 – All versions >= V2.1
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)All versions < V4.6.0 – All versions < V4.6.0
Siemens / SIMATIC S7-1500 CPU 1510SP-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1510SP-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1510SP F-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1510SP F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1511-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1511-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1511C-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1511F-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1511F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1511T-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1511TF-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1512C-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1512SP-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1512SP-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1512SP F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1512SP F-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1513-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1513-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1513F-1 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1513F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1513R-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1515-2 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1515-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1515F-2 PNAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1515F-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1515R-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1515T-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1515TF-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DPAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DPAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DPAll versions – All versions
Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DPAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1517H-3 PNAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1518HF-4 PNAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIMATIC S7-1500 Software Controller V2All versions < V21.9.7 – All versions < V21.9.7
Siemens / SIMATIC S7-300 CPU 314C-2 PN/DPAll versions < V3.3.19 – All versions < V3.3.19
Siemens / SIMATIC S7-300 CPU 315-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 315F-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 315T-3 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 317-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 317F-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 317T-3 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 317TF-3 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 319-3 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-300 CPU 319F-3 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)All versions – All versions
Siemens / SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)All versions – All versions
Siemens / SIMATIC S7-PLCSIM AdvancedAll versions < V5.0 – All versions < V5.0
Siemens / SIMATIC WinCC Runtime AdvancedAll versions < V17 Update 5 – All versions < V17 Update 5
Siemens / SINUMERIK ONEAll versions < V6.22 – All versions < V6.22
Siemens / SIPLUS ET 200S IM151-8F PN/DP CPUAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIPLUS ET 200S IM151-8 PN/DP CPUAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIPLUS ET 200SP CPU 1510SP-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS ET 200SP CPU 1510SP-1 PN RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS ET 200SP CPU 1510SP F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS ET 200SP CPU 1510SP F-1 PN RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS ET 200SP CPU 1512SP-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS ET 200SP CPU 1512SP-1 PN RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS ET 200SP CPU 1512SP F-1 PNAll versions – All versions
Siemens / SIPLUS ET 200SP CPU 1512SP F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS ET 200SP CPU 1512SP F-1 PN RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1511-1 PNAll versions – All versions
Siemens / SIPLUS S7-1500 CPU 1511-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1511-1 PN T1 RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1511-1 PN TX RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1511F-1 PNAll versions – All versions
Siemens / SIPLUS S7-1500 CPU 1511F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1513-1 PNAll versions – All versions
Siemens / SIPLUS S7-1500 CPU 1513-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1513F-1 PNAll versions – All versions
Siemens / SIPLUS S7-1500 CPU 1513F-1 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1515F-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1515F-2 PN RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1515R-2 PNAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1515R-2 PN TX RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1516-3 PN/DPAll versions – All versions
Siemens / SIPLUS S7-1500 CPU 1516-3 PN/DPAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1516-3 PN/DP RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1516F-3 PN/DPAll versions – All versions
Siemens / SIPLUS S7-1500 CPU 1516F-3 PN/DPAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILAll versions < V2.9.7 – All versions < V2.9.7
Siemens / SIPLUS S7-1500 CPU 1517H-3 PNAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIPLUS S7-1500 CPU 1518F-4 PN/DPAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIPLUS S7-1500 CPU 1518HF-4 PNAll versions < V3.0.1 – All versions < V3.0.1
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DPAll versions < V3.3.19 – All versions < V3.3.19
Siemens / SIPLUS S7-300 CPU 315-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIPLUS S7-300 CPU 315F-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIPLUS S7-300 CPU 317-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19
Siemens / SIPLUS S7-300 CPU 317F-2 PN/DPAll versions < V3.2.19 – All versions < V3.2.19

References

MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf