CVE-2014-2908

Published: 25/04/2014 Updated: 25/05/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1200_firmware 3.0.2
siemens simatic_s7_cpu_1200_firmware 2.0
siemens simatic_s7_cpu_1212c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -

# Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting # Google Dork: inurl:/Portal/Portalmwsl # Date: 2018-05-22 # Exploit Author: t4rkd3vilz, Jameel Nabbo # Vendor Homepage: wwwsiemenscom/ # Version: SIMATIC S7-1200 CPU family Versions: V2X and V3X # Tested on: Kali Linux # CVE: CVE-2014-2908 TargetIp/Portal/Por ...

Siemens SIMATIC S7-1200 CPU suffers from a cross site scripting vulnerability ...

CWE-79 http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf https://www.exploit-db.com/exploits/44687/https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf https://nvd.nist.gov https://www.exploit-db.com/exploits/44687/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2908

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect