cbcvebase.
CVE-2014-2246
published 2014-03-16

CVE-2014-2246: Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote…

medium4.3CVSS 3.1
AVNACMAuNCNIPAN
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected

4 ranges
VendorProductVersion rangeFixed in
siemenssimatic_s7-1500_cpu_firmware<= 1.1.2
siemenssimatic_s7-1500_cpu_firmware
siemenssimatic_s7-1500_cpu_firmware
siemenssimatic_s7-1500_cpu_firmware