Cross-Site Scripting Vulnerability in Schneider Electric's Vijeo Historian, CitectHistorian, and CitectSCADAReports
CVE-2011-4035

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Vijeo Historian
Vendor: CVE Published:; 2 December 2011

Summary

An XSS vulnerability exists within Schneider Electric's Vijeo Historian, CitectHistorian, and CitectSCADAReports, allowing attackers to inject arbitrary web scripts or HTML through unspecified vectors. This flaw could enable remote attackers to manipulate web content viewed by users, potentially compromising sensitive information and affecting operational integrity. Organizations using the affected versions are urged to implement mitigation strategies and ensure their systems are updated to prevent exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/71503

vdb-entryx_refsource_XF

http://www.scada.schneider-electric.com/sites/scada/en/lo...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01...

x_refsource_MISC

Timeline

Vulnerability published
Dec 2, 2011
Vulnerability Reserved
Oct 13, 2011