This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote web server running on the S7-1200 PLC is affected by an
open redirection vulnerability.
The Siemens SIMATIC S7-1200 integrated web server is running a
firmware version that is prior to 4.1. It is, therefore, affected by
an open redirection vulnerability due to improper validation of
user-supplied input. A remote attacker can exploit this, via a crafted
URL, to conduct a phishing attack by redirecting a legitimate user to
a malicious website.
Note that Nessus has not attempted to exploit this issue but has
instead relied only on the device's self-reported version number.
See also :
Upgrade to Siemens SIMATIC S7-1200 CPU firmware release version 4.1 or
Risk factor :
Medium / CVSS Base Score : 4.3