PT-2013-2512 · Siemens · Siemens Wincc

Artem Chaykin

Published

2013-03-21

Updated

2013-03-22

CVE-2013-0667

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Siemens WinCC (TIA Portal) version 11

Description A cross-site scripting (XSS) issue exists in the HMI web application, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This could potentially lead to unauthorized actions on the web application.

Recommendations For version 11, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting access to the HMI web application to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2013-0667

Affected Products

Siemens Wincc

PT-2013-2512 · Siemens · Siemens Wincc

CVE-2013-0667

Weakness Enumeration

Related Identifiers

Affected Products

References · 3