PT-2012-1202 · Siemens · SIMATIC S7-1200 PLCs
Published: 2012-10-08 · Updated: 2022-02-01 · CVE-2012-3040
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Siemens SIMATIC S7-1200 PLCs versions 2.x through 3.0.1
Description
The web server lacks protection measures against cross-site scripting (XSS). A remote attacker can inject arbitrary web script or HTML via a crafted URI, potentially leading to the execution of malicious JavaScript code.
Recommendations
For versions 2.x through 3.0.1, consider disabling the web server functionality until a patch is available, to prevent exploitation of the XSS vulnerability. Restrict access to the web server to minimize the risk of remote attackers injecting malicious scripts. Avoid opening crafted URIs that could trigger the vulnerability.
Fix
XSS
Related Identifiers
Affected Products
SIMATIC S7-1200 PLCs