← Back to CVEs
CVE-2012-3040
N/ADescription
Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
CVE Details
CVSS v3.1 ScoreN/A
Published10/10/2012
Last Modified4/11/2025
Sourcenvd
Honeypot Sightings0
Affected Products
siemens:simatic_s7-1200siemens:simatic_s7-1200_cpu_1211csiemens:simatic_s7-1200_cpu_1211c_firmwaresiemens:simatic_s7-1200_cpu_1212csiemens:simatic_s7-1200_cpu_1212c_firmwaresiemens:simatic_s7-1200_cpu_1212fcsiemens:simatic_s7-1200_cpu_1212fc_firmwaresiemens:simatic_s7-1200_cpu_1214_fcsiemens:simatic_s7-1200_cpu_1214_fc_firmwaresiemens:simatic_s7-1200_cpu_1214csiemens:simatic_s7-1200_cpu_1214c_firmwaresiemens:simatic_s7-1200_cpu_1215_fcsiemens:simatic_s7-1200_cpu_1215_fc_firmwaresiemens:simatic_s7-1200_cpu_1215csiemens:simatic_s7-1200_cpu_1215c_firmwaresiemens:simatic_s7-1200_cpu_1217csiemens:simatic_s7-1200_cpu_1217c_firmwaresiemens:simatic_s7-1200_firmware
Weaknesses (CWE)
CWE-79
References
http://en.securitylab.ru/lab/PT-2012-50(ics-cert@hq.dhs.gov)
http://osvdb.org/86130(ics-cert@hq.dhs.gov)
http://secunia.com/advisories/50816(ics-cert@hq.dhs.gov)
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf(ics-cert@hq.dhs.gov)
http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf(ics-cert@hq.dhs.gov)
http://en.securitylab.ru/lab/PT-2012-50(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/86130(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/50816(af854a3a-2127-422b-91ae-364da2661108)
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.