V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2022-30694
CVE
Low

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attacke…

CVSS
3.5
Low
EPSS
0.00
p20
Published
2022-01-01
Updated
2022-01-01
Description

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

Tags · CWE
CWE-352
CAPEC-62
CAPEC-111
CAPEC-462
CAPEC-467
Affected products
6ag1151-8ab01-7ab0_firmware6ag1151-8fb01-2ab0_firmware6ag1314-6eh04-7ab0_firmware6ag1315-2eh14-7ab0_firmware6ag1315-2fj14-2ab0_firmware6ag1317-2ek14-7ab0_firmware6ag1317-2fk14-2ab0_firmware6es7151-8ab01-0ab0_firmware6es7151-8fb01-0ab0_firmware6es7154-8ab01-0ab0_firmware6es7154-8fb01-0ab0_firmware6es7154-8fx00-0ab0_firmware6es7314-6eh04-0ab0_firmware6es7315-2eh14-0ab0_firmware6es7315-2fj14-0ab0_firmware6es7315-7tj10-0ab0_firmware6es7317-2ek14-0ab0_firmware6es7317-2fk14-0ab0_firmware6es7317-7tk10-0ab0_firmware6es7317-7ul10-0ab0_firmware
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: R
Required (R)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: L
Low (L)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.003 · p20
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Siemens
Simatic S7-1500 Software ControllerSimatic S7 Plcsim AdvancedSimatic S7-1200 Cpu 1211cSimatic S7-1200 Cpu 1212cSimatic S7-1200 Cpu 1214cSimatic S7-1200 Cpu 1211c FirmwareSimatic S7-1200 Cpu 1212c FirmwareSimatic S7-1200 Cpu 1214c FirmwareSimatic S7-1200 Cpu 1215cSimatic S7-1200 Cpu 1217c+213
ProductVendorStatus
6ag1151-8ab01-7ab0_firmware*Tracked
6ag1151-8fb01-2ab0_firmware*Tracked
6ag1314-6eh04-7ab0_firmware*Tracked
6ag1315-2eh14-7ab0_firmware*Tracked
6ag1315-2fj14-2ab0_firmware*Tracked
6ag1317-2ek14-7ab0_firmware*Tracked
6ag1317-2fk14-2ab0_firmware*Tracked
6es7151-8ab01-0ab0_firmware*Tracked
6es7151-8fb01-0ab0_firmware*Tracked
6es7154-8ab01-0ab0_firmware*Tracked
6es7154-8fb01-0ab0_firmware*Tracked
6es7154-8fx00-0ab0_firmware*Tracked
6es7314-6eh04-0ab0_firmware*Tracked
6es7315-2eh14-0ab0_firmware*Tracked
6es7315-2fj14-0ab0_firmware*Tracked
6es7315-7tj10-0ab0_firmware*Tracked
6es7317-2ek14-0ab0_firmware*Tracked
6es7317-2fk14-0ab0_firmware*Tracked
6es7317-7tk10-0ab0_firmware*Tracked
6es7317-7ul10-0ab0_firmware*Tracked
Showing first 20 of 113
Source databases
CVE