CVE-2016-8673 (simatic_cp_343-1_firmware, simatic_cp_443-1_firmware, simatic_s7_300_cpu_firmware, simatic_s7_400_cpu_firmware)
Cross-site request forgery (CSRF) vulnerability in the integrated web server on Siemens SIMATIC CP 343-1 Advanced before 3.0.53, SIMATIC CP 443-1 Advanced, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices allows remote attackers to hijack the authentication of arbitrary users.