CVE-2014-2246

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0

Description A cross-site scripting (XSS) issue exists in the integrated web server, allowing remote attackers to inject arbitrary web script or HTML. This could potentially lead to unauthorized access or control of the device.

Recommendations For versions prior to 1.5.0, update the firmware to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the integrated web server until the update can be applied.