Cross-Site Scripting Vulnerability in Siemens WinCC HMI Web Server
CVE-2011-4511

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Flexible
Vendor: CVE Published:; 3 February 2012

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the HMI web server of Siemens WinCC products, allowing attackers to inject arbitrary web scripts or HTML content through unspecified vectors. This issue affects multiple versions, including WinCC flexible series and various SIMATIC HMI panels, posing a risk when these products are accessed remotely.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 3, 2012