Release date:
Updated on:
Affected Systems:
Siemens SIMATIC S7-1200 3.x
Siemens SIMATIC S7-1200 2.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-2908
The SIMATIC S7-1200 is a programmable controller used for simple but highly precise automation tasks.
The web server integrated into the Siemens SIMATIC S7-1200 (TCP ports 80 and 443) contains a cross-site scripting vulnerability. A remote attacker can carry out cross-site scripting attacks by enticing a user to click a malicious link.
<* Source: Ralf Spenneberg
Hendrik Schwartke
Maik Brüggemann
Link: http://secunia.com/community/advisories/58173
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has not yet provided a patch or upgrade. Users of the affected products should check the vendor's site for the latest version:
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf