Cross-Site Scripting Vulnerability in Siemens SIMATIC S7-1200 CPU
CVE-2014-2908

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic S7 Cpu 1200 Firmware; Simatic S7 Cpu-1211c; Simatic S7 Cpu 1212c; Simatic S7 Cpu 1214c
Vendor: CVE Published:; 25 April 2014

What is CVE-2014-2908?

A cross-site scripting (XSS) vulnerability exists in the integrated web server of Siemens SIMATIC S7-1200 CPU devices version 2.x and 3.x. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML, potentially compromising the security of the affected systems. Exploitation of this vulnerability can lead to unauthorized actions by the attacker, requiring immediate attention and mitigation to prevent malicious activities.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02

x_refsource_MISC

https://www.exploit-db.com/exploits/44687/

exploitx_refsource_EXPLOIT-DB

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

EPSS Score

42% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2014
Vulnerability Reserved
Apr 18, 2014