CVE-2014-2908
published 2014-04-25CVE-2014-2908: Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject…
PriorityP273medium4.3CVSS 2.0
AVNACMAuNCNIPAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
20.95%
97.2th percentile
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | — | — |
| siemens | simatic_s7_cpu_1200_firmware | — | — |
| siemens | simatic_s7_cpu_1200_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url/Portal/Portal.mwsl?PriNav=Bgz&filtername=Name&filtervalue=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&Send=Filter↗
- →Match HTTP 200 responses from /Portal/Portal.mwsl containing 'alert(document.domain)' in the response body with Content-Type text/html as an indicator of successful XSS reflection. ↗
- →Use the Google dork 'inurl:/Portal/Portal.mwsl' to identify exposed Siemens SIMATIC S7-1200 web interfaces on the internet. ↗
- ·Vulnerability affects only SIMATIC S7-1200 CPU firmware versions V2.X and V3.X; V4.0 and later are patched. ↗
- ·Exploitation requires user interaction (social engineering); the exploit is only triggered when a local user clicks a malicious link. ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Siemens SIMATIC S7 Cpu 1200 3.0.2 cross site scripting (ssa-892012 / EDB-44687)
vuldb·2026-05-12·CVSS 4.3
CVE-2014-2908 [MEDIUM] Siemens SIMATIC S7 Cpu 1200 3.0.2 cross site scripting (ssa-892012 / EDB-44687)
A vulnerability labeled as problematic has been found in Siemens SIMATIC S7 Cpu 1200 3.0.2. This affects an unknown part. Executing a manipulation can lead to cross site scripting.
This vulnerability appears as CVE-2014-2908. The attack may be performed from remote. In addition, an exploit is available.
GHSA
GHSA-9wch-7mq3-829x: Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2
ghsa_unreviewed·2022-05-14
CVE-2014-2908 [MEDIUM] CWE-79 GHSA-9wch-7mq3-829x: Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
VulnCheck
Siemens simatic_s7_cpu_1200_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2014·CVSS 4.3
CVE-2014-2908 [MEDIUM] Siemens simatic_s7_cpu_1200_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Siemens simatic_s7_cpu_1200_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected: Siemens simatic_s7_cpu_1200_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024; https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intellige
CISA ICS
Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
cisa_ics·2018-09-06·CVSS 4.3
[MEDIUM] Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-114-02
## OVERVIEW
Siemens ProductCERT and Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training have reported two vulnerabilities in the Siemens SIMATIC S7-1200 CPU family. Siemens has produced a new product release that mitigates these vulnerabilities.
## AFFECTED PRODUCTS
The following Siemens SIMATIC S7-1200 CPU versions are affected:
- SIMATIC S7-1200 CPU family Versions: V2.X and V3.X.
## IMPACT
Attackers could use these vulnerabilities to perfor
No detection rules found.
Exploit-DB
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
exploitdb·2018-05-22·CVSS 4.3
CVE-2014-2908 [MEDIUM] Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
---
# Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
# Google Dork: inurl:/Portal/Portal.mwsl
# Date: 2018-05-22
# Exploit Author: t4rkd3vilz, Jameel Nabbo
# Vendor Homepage: https://www.siemens.com/
# Version: SIMATIC S7-1200 CPU family Versions: V2.X and V3.X.
# Tested on: Kali Linux
# CVE: CVE-2014-2908
http://TargetIp/Portal/Portal.mwsl?PriNav=Bgz&filtername=Name&filtervalue=
">&Send=Filter
Nuclei
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2014-2908 [MEDIUM] Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Template:
id: CVE-2014-2908
info:
name: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser.
remediation: Upgrade to v4.0 or late
http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdfhttps://www.exploit-db.com/exploits/44687/http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdfhttps://www.exploit-db.com/exploits/44687/
2014-04-25
Published
Exploited in the wild