Siemens SIMATIC S7-1200 2.x < 4.x XSS

medium Nessus Network Monitor Plugin ID 720048

Synopsis

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices allows remote attackers to inject arbitrary scripts.

Description

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://www.exploit-db.com/exploits/44687/

https://ics-cert.us-cert.gov/advisories/ICSA-14-114-02

http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf

Plugin Details

Severity: Medium

ID: 720048

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Patch Publication Date: 4/24/2014

Vulnerability Publication Date: 4/24/2014

Reference Information

CVE: CVE-2014-2908