PT-2019-6004 · Schneider Electric · Ecostruxure Building Operation Webstation

Published: 2019-11-19 · Updated: 2026-05-28 · CVE-2020-28210

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: EcoStruxure Building Operation WebStation versions 2.0 through 3.1

Description: A Cross-site Scripting issue exists due to improper neutralization of input during web page generation, allowing an attacker to inject HTML and JavaScript code into a user's browser. This could be exploited by a remote attacker to execute arbitrary code.

Recommendations: For versions 2.0 through 3.1, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the WebStation interface to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-04280
CVE-2020-28210

Affected Products

Ecostruxure Building Operation Webstation