Siemens Simatic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2019-11-0800:00:00

www.tenable.com

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

File data ot_500128.nasl

VendorProductVersionCPE
siemenssimatic_s7_cpu_1200_firmware2.0cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1200_firmware3.0cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1200_firmware3.0.2cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0.2:*:*:*:*:*:*:*
siemenssimatic_s7_cpu-1211c-cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1212c-cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1214c-cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1215c-cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1217c-cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_s7_cpu_1200_firmware	2.0	cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:::::::*
siemens	simatic_s7_cpu_1200_firmware	3.0	cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:::::::*
siemens	simatic_s7_cpu_1200_firmware	3.0.2	cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0.2:::::::*
siemens	simatic_s7_cpu-1211c	-	cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:::::::*
siemens	simatic_s7_cpu_1212c	-	cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:::::::*
siemens	simatic_s7_cpu_1214c	-	cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:::::::*
siemens	simatic_s7_cpu_1215c	-	cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:::::::*
siemens	simatic_s7_cpu_1217c	-	cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:::::::*