Cross-Site Scripting Vulnerability in Siemens WinCC HMI Web Application
CVE-2013-0667

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Tia Portal
Vendor: CVE Published:; 21 March 2013

Summary

The HMI web application in Siemens WinCC (TIA Portal) 11 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary HTML or web scripts through specially crafted URLs, potentially compromising the integrity and confidentiality of user data. Exploiting this vulnerability could lead to unauthorized access or manipulation of sensitive information, emphasizing the need for immediate action to secure affected systems.

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf

x_refsource_MISC

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 21, 2013