CSRF via /FormLogin Authenticated Remote Attacker can Track Users (CVE-2022-30694)
CVE-2022-30694 Published on November 8, 2022

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

NVD

Weakness Type

What is a Session Riding Vulnerability?

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.

CVE-2022-30694 has been classified to as a Session Riding vulnerability or weakness.

Products Associated with CVE-2022-30694

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-30694 are published in these products:

Siemens Simatic Wincc Runtime

Siemens Simatic S7 1500 Software Controller

Siemens Simatic S7 Plcsim Advanced

Affected Versions

Siemens SIMATIC Drive Controller CPU 1504D TF:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC Drive Controller CPU 1507D TF:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC ET 200pro IM154-8 PN/DP CPU:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC ET 200pro IM154-8F PN/DP CPU:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC ET 200pro IM154-8FX PN/DP CPU:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC ET 200S IM151-8 PN/DP CPU:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC ET 200S IM151-8F PN/DP CPU:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants):

Version All versions < V21.9.7 is affected.

Siemens SIMATIC PC Station:

Version All versions >= V2.1 is affected.

Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants):

Version All versions < V4.6.0 is affected.

Siemens SIMATIC S7-1500 CPU 1510SP F-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1510SP F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1510SP-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1510SP-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1511-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511C-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511C-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511F-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1511F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511T-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1511TF-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1512C-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1512C-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1512SP F-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1512SP F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1512SP-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1512SP-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1513-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1513-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1513-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1513F-1 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1513F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1513F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1513R-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1515-2 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1515-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1515-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1515F-2 PN:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1515F-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1515F-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1515R-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1515T-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1515TF-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP:

Version All versions is affected.

Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU 1516T-3 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1516TF-3 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1517H-3 PN:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1517T-3 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1517TF-3 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1518HF-4 PN:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1518T-4 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU 1518TF-4 PN/DP:

Version All versions < V3.0.1 is affected.

Siemens SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIMATIC S7-1500 Software Controller V2:

Version All versions < V21.9.7 is affected.

Siemens SIMATIC S7-300 CPU 314C-2 PN/DP:

Version All versions < V3.3.19 is affected.

Siemens SIMATIC S7-300 CPU 315-2 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 315F-2 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 315T-3 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 317-2 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 317F-2 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 317T-3 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 319-3 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-300 CPU 319F-3 PN/DP:

Version All versions < V3.2.19 is affected.

Siemens SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC S7-PLCSIM Advanced:

Version All versions < V5.0 is affected.

Siemens SIMATIC WinCC Runtime Advanced:

Version All versions < V17 Update 5 is affected.

Siemens SINUMERIK ONE:

Version All versions < V6.22 is affected.

Siemens SIPLUS ET 200S IM151-8 PN/DP CPU:

Version All versions < V3.2.19 is affected.

Siemens SIPLUS ET 200S IM151-8F PN/DP CPU:

Version All versions < V3.2.19 is affected.

Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1510SP-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1510SP-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN:

Version All versions is affected.

Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN:

Version All versions is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511F-1 PN:

Version All versions is affected.

Siemens SIPLUS S7-1500 CPU 1511F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1511F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1513-1 PN:

Version All versions is affected.

Siemens SIPLUS S7-1500 CPU 1513-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1513-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1513-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1513-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1513F-1 PN:

Version All versions is affected.

Siemens SIPLUS S7-1500 CPU 1513F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1513F-1 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1515F-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1515F-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1515F-2 PN RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1515R-2 PN:

Version All versions < V2.9.7 is affected.

Siemens SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL:

Version All versions < V2.9.7 is affected.