CVE-2018-13800

HIGH Year: 2018
CVSS v3 Score
7.3
High
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.

Related Vulnerabilities

CVE-2017-14362

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.

CWE-3522017

CVE-2021-4017

HIGH
CVSS:7.3(High)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CWE-3522021

CVE-2022-43470

HIGH
CVSS:7.3(High)

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +...

CWE-3522022

CVE-2023-5036

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

CWE-3522023

CVE-2024-28731

HIGH
CVSS:7.3(High)

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forward...

CWE-3522024

CVE-2024-48846

HIGH
CVSS:7.3(High)

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS...

CWE-3522024