SSA-478960 V1.0: Missing CSRF Protection in the Web Server Login Page of Industrial Controllers
Siemens ProductCERT Security Advisories cert-portal.siemens.com
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet, available.