Siemens SIMATIC S7-1200 PLC < 4.1 Open Redirection
Medium Nessus Plugin ID 81592
Synopsis
The remote web server running on the S7-1200 PLC is affected by an open redirection vulnerability.
Description
The Siemens SIMATIC S7-1200 integrated web server is running a firmware version that is prior to 4.1. It is, therefore, affected by an open redirection vulnerability due to improper validation of user-supplied input. A remote attacker can exploit this, via a crafted URL, to conduct a phishing attack by redirecting a legitimate user to a malicious website.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the device's self-reported version number.
Solution
Upgrade to Siemens SIMATIC S7-1200 CPU firmware release version 4.1 or later.