CVE-2024-47100

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 352

Summary

CVE-2024-47100: A cross-site request forgery (CSRF) vulnerability has been discovered in the web interface of various SIMATIC S7-1200 CPU models, including 1211C, 1212C, 1214C, 1215C, and several others. This issue allows unauthenticated attackers to manipulate the CPU mode by tricking authenticated users with sufficient permissions into clicking on malicious links. The affected devices are used in industrial automation systems, and exploitation could result in significant damage. Users are urged to apply the available patches as soon as possible to mitigate this risk.
