Siemens · Climatix Bacnet/Ip · CVE-2015-4174
**Name of the Vulnerable Software and Affected Versions**
Siemens Climatix BACnet/IP communication module versions prior to 10.34
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This affects the integrated web server on the module.
**Recommendations**
For versions prior to 10.34, update the firmware to version 10.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the integrated web server until the update is applied.