Description: Injectra: A Python Tool for Seamlessly Injecting Custom Payloads into Files Using Magic Numbers
January 21st, 2025 (6 months ago)
|
Description: A Threat Actor Claims to be Selling Access to 111+ POS Machines in the USA
January 21st, 2025 (6 months ago)
|
Description: A Threat Actor is Selling Unauthorized Access to 70+ POS Machines in the USA
January 21st, 2025 (6 months ago)
|
Description: AI SPERA announced today that it has partnered with education platform OnTheHub to provide its integrated cybersecurity solution, Criminal IP, to students and educational institutions. [...]
January 21st, 2025 (6 months ago)
|
Description: Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and installing malware that provides access to the company network. [...]
January 21st, 2025 (6 months ago)
|
CVE-2024-47100 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v4 7.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC S7-1200 CPUs
Vulnerability: Cross-Site Request Forgery
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0): Versions prior to V4.7
SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0): Versions prior to V4.7
SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0): Versions prior to V4.7
SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0): Versions prior to V4.7
SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0): Versions prior to V4.7
SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0): Versions prior to V4.7
SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0): Versions prior to V4.7
SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0): Versi...
CVSS: HIGH (7.2) EPSS Score: 0.05%
January 21st, 2025 (6 months ago)
|
Description: CISA released three Industrial Control Systems (ICS) advisories on January 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-25-021-01 Traffic Alert and Collision Avoidance System (TCAS) II
ICSA-25-021-02 Siemens SIMATIC S7-1200 CPUs
ICSA-25-021-03 ZF Roll Stability Support Plus (RSSPlus)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
January 21st, 2025 (6 months ago)
|
Description: A Threat Actor Claims to be Selling Access to SocialLinks Crime Wall
January 21st, 2025 (6 months ago)
|
Description: Some Facebook users were shocked to see Trump in their feeds yesterday, but that’s likely because they were already following official administration accounts.
January 21st, 2025 (6 months ago)
|
Description: Even as the rule book changes, the profession of the CISO remains unchanged: protecting their organization in a world of constant, continually evolving threats.
January 21st, 2025 (6 months ago)
|