Description
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
References (2)
Core 2
Core References
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
Vendor Advisory x_refsource_confirm
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf
Scores
EPSS
0.0024
EPSS Percentile
47.4%
Details
CWE
CWE-79
Status
published
Products (1)
siemens/wincc_tia_portal
11.0
Published
Mar 21, 2013
Tracked Since
Feb 18, 2026