Security Advisory: The integrated web server (port 80/tcp and port 443/tcp) of the S7-1200 PLC could allow an attacker to redirect users to untrusted web sites if unsuspecting users are tricked to click on a malicious link. Author: Ralf Spenneberg , Hendrik Schwartke, Maik Brüggemann Revision: 1 Last Updated: January 21 2015 CVE-2015-1048 Summary: The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to redirect users to untrusted web sites if unsuspecting users are tricked to click on a malicious link. CVSS 4.3 Impact: For the described vulnerability the attacker must trick users of the devices to click on a malicious link. Vulnerable: All S7-1200 versions prior to V4.1 Solution: Workaround: Disabling the Webserver Firmware 4.1 References: https://ics-cert.us-cert.gov/advisories/ICSA-15-022-01 https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf