Cross-Site Scripting Vulnerability in Siemens SIMATIC S7-1200 PLCs
CVE-2012-3040

Currently unrated

Key Information:

Vendor
Siemens
Status
Simatic S7-1200 Firmware
Vendor
CVE Published:
10 October 2012

Summary

The Siemens SIMATIC S7-1200 PLC contains a cross-site scripting (XSS) vulnerability in its web server, which affects versions 2.x through 3.0.1. This vulnerability allows remote attackers to exploit it by injecting arbitrary web script or HTML through specially crafted URIs. Such exploitation poses risks to the integrity and confidentiality of the system, allowing unauthorized actions and potentially compromising the device’s security.

References

http://secunia.com/advisories/50816
third-party-advisoryx_refsource_SECUNIA
http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01...
x_refsource_MISC
http://www.siemens.com/corporate-technology/pool/de/forsc...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.