CVE-2014-2908
EXPLOITED NUCLEISIMATIC S7-1200 CPU 2.x-3.x - Cross-Site Scripting
Title source: llmExploitation Summary
CVE-2014-2908 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including t4rkd3vilz. A Nuclei detection template is also available.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Siemens SIMATIC S7-1200 CPU web interface. The payload injects JavaScript via the 'filtervalue' parameter, triggering an alert dialog when the page is rendered.
Description
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in Siemens SIMATIC S7-1200 CPU web interface. The payload injects JavaScript via the 'filtervalue' parameter, triggering an alert dialog when the page is rendered.