CVE-2014-2908

EXPLOITED NUCLEI

SIMATIC S7-1200 CPU 2.x-3.x - Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2014-2908 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including t4rkd3vilz. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Siemens SIMATIC S7-1200 CPU web interface. The payload injects JavaScript via the 'filtervalue' parameter, triggering an alert dialog when the page is rendered.

Description

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC
by t4rkd3vilz · textwebappslinux
https://www.exploit-db.com/exploits/44687

This exploit demonstrates a reflected XSS vulnerability in Siemens SIMATIC S7-1200 CPU web interface. The payload injects JavaScript via the 'filtervalue' parameter, triggering an alert dialog when the page is rendered.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Siemens SIMATIC S7-1200 CPU V2.X and V3.X
No auth needed
Prerequisites: Network access to the target web interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
MEDIUMby daffainfo

References (4)

Core 4
Core References
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44687/

Scores

EPSS 0.2095
EPSS Percentile 97.2%

Details

VulnCheck KEV 2024-07-25
CWE
CWE-79
Status published
Products (8)
siemens/simatic_s7_cpu-1211c
siemens/simatic_s7_cpu_1200_firmware 2.0
siemens/simatic_s7_cpu_1200_firmware 3.0
siemens/simatic_s7_cpu_1200_firmware 3.0.2
siemens/simatic_s7_cpu_1212c
siemens/simatic_s7_cpu_1214c
siemens/simatic_s7_cpu_1215c
siemens/simatic_s7_cpu_1217c
Published Apr 25, 2014
Tracked Since Feb 18, 2026