CVE-2014-2246

Siemens SIMATIC S7-1500 <1.5.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01

[Patch, Vendor Advisory] http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66201

Scores

EPSS 0.0051

EPSS Percentile 66.1%

Details

CWE

CWE-79

Status published

Products (5)

siemens/simatic_s7-1500_cpu_firmware < 1.1.2

siemens/simatic_s7-1500_cpu_firmware

n/a/n/a

Published Mar 16, 2014

Tracked Since Feb 18, 2026