CVE-2014-2908

EXPLOITED NUCLEI

Siemens Simatic S7 Cpu 1200 Firmware - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

by t4rkd3vilz · textwebappslinux

https://www.exploit-db.com/exploits/44687

View Code ZIP pw:eip

Nuclei Templates (1)

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

MEDIUMby daffainfo

References (4)

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02

[Vendor Advisory] http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/44687/

Scores

EPSS 0.3872

EPSS Percentile 97.2%

Details

VulnCheck KEV 2024-07-25

CWE

CWE-79

Status published

Products (9)

siemens/simatic_s7_cpu_1200_firmware

siemens/simatic_s7_cpu-1211c

siemens/simatic_s7_cpu_1212c

siemens/simatic_s7_cpu_1214c

siemens/simatic_s7_cpu_1215c

siemens/simatic_s7_cpu_1217c

n/a/n/a

Published Apr 25, 2014

Tracked Since Feb 18, 2026