SSA-886514 (Last Update: 2020-04-14): Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules

Published

2020-04-14 00:00:00 UTC

Summary

The Climatix BACnet/IP (POL908) and AWM (POL909) modules contain two persistent cross-site scripting (XSS) vulnerabilities in the web interface that could allow a remote attacker to execute arbitrary JavaScript code in the context of other users' web sessions. Siemens recommends updating Climatix POL908 and POL909 to the latest version and recommends further countermeasures.