CVE-2013-0672

Name of the Vulnerable Software and Affected Versions Siemens WinCC (TIA Portal) version 11

Description A cross-site scripting (XSS) issue exists in the HMI web application, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified data. This could potentially lead to unauthorized actions on the web application.

Recommendations For version 11, update to a newer version that contains a fix for this issue, or consider disabling access to the HMI web application until a patch is available. Restrict access to the web application to minimize the risk of exploitation.