Cross-Site Scripting Vulnerabilities in Siemens WinCC HMI Web Application
CVE-2013-0668

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Tia Portal
Vendor: CVE Published:; 21 March 2013

What is CVE-2013-0668?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Human Machine Interface (HMI) web application of Siemens WinCC (TIA Portal) 11. These flaws enable remote attackers to inject arbitrary web scripts or HTML into web pages viewed by users, potentially leading to unauthorized actions or exposure of sensitive information. It is vital for organizations using these products to implement appropriate security measures and updates to mitigate the risks associated with these vulnerabilities.

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf

x_refsource_MISC

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 21, 2013