CVE-2014-2908

EXPLOITED NUCLEI

Siemens Simatic S7 Cpu 1200 Firmware - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

by t4rkd3vilz · textwebappslinux

https://www.exploit-db.com/exploits/44687

View Code ZIP pw:eip

Nuclei Templates (1)

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

MEDIUMby daffainfo

References (4)

Core 4

Core References

US Government Resource x_refsource_misc

http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44687/

Vendor Advisory x_refsource_confirm

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf

Vendor Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf

Scores

EPSS 0.6804

EPSS Percentile 98.6%

Details

VulnCheck KEV 2024-07-25

CWE

CWE-79

Status published

Products (8)

siemens/simatic_s7_cpu-1211c

siemens/simatic_s7_cpu_1200_firmware 2.0

siemens/simatic_s7_cpu_1200_firmware 3.0

siemens/simatic_s7_cpu_1200_firmware 3.0.2

siemens/simatic_s7_cpu_1212c

siemens/simatic_s7_cpu_1214c

siemens/simatic_s7_cpu_1215c

siemens/simatic_s7_cpu_1217c

Published Apr 25, 2014

Tracked Since Feb 18, 2026