Cross-Site Scripting Vulnerabilities in Siemens WinCC 7.0 SP3 and Earlier

CVE-2012-3031

Summary

Multiple cross-site scripting vulnerabilities exist in the WebNavigator component of Siemens WinCC 7.0 SP3 and earlier versions. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML content into web pages through manipulated GET and POST parameters or even via the Referer HTTP header. Exploiting these vulnerabilities could allow an attacker to execute malicious scripts in the context of a user's session, potentially leading to unauthorized access, data theft, or other malicious activities.

References