cbcvebase.
CVE-2014-2908
published 2014-04-25

CVE-2014-2908: Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject…

PriorityP273medium4.3CVSS 2.0
AVNACMAuNCNIPAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
20.95%
97.2th percentile
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected

3 ranges
VendorProductVersion rangeFixed in
siemenssimatic_s7_cpu_1200_firmware
siemenssimatic_s7_cpu_1200_firmware
siemenssimatic_s7_cpu_1200_firmware

Detection & IOCsextracted from sources · hover to see the quote

url/Portal/Portal.mwsl?PriNav=Bgz&filtername=Name&filtervalue=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&Send=Filter
path/Portal/Portal.mwsl
port80/TCP
port443/TCP
  • Match HTTP 200 responses from /Portal/Portal.mwsl containing 'alert(document.domain)' in the response body with Content-Type text/html as an indicator of successful XSS reflection.
  • Use the Google dork 'inurl:/Portal/Portal.mwsl' to identify exposed Siemens SIMATIC S7-1200 web interfaces on the internet.
  • ·Vulnerability affects only SIMATIC S7-1200 CPU firmware versions V2.X and V3.X; V4.0 and later are patched.
  • ·Exploitation requires user interaction (social engineering); the exploit is only triggered when a local user clicks a malicious link.

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.