SSA-886514 (Last Update: 2020-04-14): Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules


2020-04-14 00:00:00 UTC


The Climatix BACnet/IP (POL908) and AWM (POL909) modules contain two persistent cross-site scripting (XSS) vulnerabilities in the web interface that could allow a remote attacker to execute arbitrary JavaScript code in the context of other users' web sessions. Siemens recommends to update Climatix POL908 and POL909 to the latest version and recommends further countermeasures.