Vigil@nce - SIMATIC S7-1200: Cross Site Scripting
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the web site is enabled on SIMATIC S7-1200, an attacker can
trigger a Cross Site Scripting, in order to execute code in the
context of the web site.
Impacted products: SIMATIC
Severity: 2/4
Creation date: 08/10/2012
DESCRIPTION OF THE VULNERABILITY
A web server can be enabled in SIMATIC S7-1200.
However, this server does not correctly filter received data
before displaying it. Technical details are unknown.
When the web site is enabled on SIMATIC S7-1200, an attacker can
therefore trigger a Cross Site Scripting, in order to execute
code in the context of the web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SIMATIC-S7-1200-Cross-Site-Scripting-12040