SSA-279823 (Last Update: 2020-02-10): Cross-Site Scripting vulnerability in the SIMATIC S7-1200 CPU family

Published

2020-02-10 00:00:00 UTC

Summary

Siemens SIMATIC S7-1200 CPUs, version 2 and higher, are capable of running an embedded web server. Web server functionality is disabled by default in the 1200 project configuration. However, if enabled, the web server is susceptible to Cross-Site Scripting (XSS). Siemens provides a firmware update which fixes this XSS vulnerability.