Siemens SIMATIC S7-1500 PLCs < 1.5 Web Server Basic XSS

medium Nessus Network Monitor Plugin ID 720190

Synopsis

Siemens SIMATIC S7-1500 PLC Web Server allows remote attackers to inject headers via unspecified vectors.

Description

The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

Solution

Update the S7 1500 firmware to 1.5 or later.

Plugin Details

Severity: Medium

ID: 720190

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

Patch Publication Date: 3/14/2014

Vulnerability Publication Date: 3/14/2014

Reference Information

CVE: CVE-2014-2247

Detections

Analytics