Cross-Site Scripting Vulnerability in Siemens WinCC Flexible and SIMATIC HMI Products

CVE-2011-4510

Summary

A cross-site scripting (XSS) vulnerability exists in the Siemens WinCC flexible web server and SIMATIC HMI products, enabling remote attackers to inject arbitrary web scripts or HTML payloads. This issue is present in multiple versions of WinCC flexible (2004-2008) prior to SP3, as well as WinCC V11 (also known as TIA Portal) prior to SP2 Update 1. Attack vectors remain unspecified, leading to a significant risk for users as it could allow the unauthorized execution of scripts within a user's browser session.

References