Siemens SIMATIC HMI Multiple Unspecified Cross Site Scripting Vulnerabilities
BID:51835
Info
Siemens SIMATIC HMI Multiple Unspecified Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 51835 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-4510 CVE-2011-4511 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 30 2012 12:00AM |
| Updated: | Apr 18 2012 09:20PM |
| Credit: | Billy Rios, Terry McCorkle, Shawn Merdinger, and Luigi Auriemma. |
| Vulnerable: |
Siemens SIMATIC HMI Smart Options 0 Siemens SIMATIC HMI 0 |
| Not Vulnerable: | |
Discussion
Siemens SIMATIC HMI Multiple Unspecified Cross Site Scripting Vulnerabilities
SIMATIC HMI is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
SIMATIC HMI is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
Siemens SIMATIC HMI Multiple Unspecified Cross Site Scripting Vulnerabilities
Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Siemens SIMATIC HMI Multiple Unspecified Cross Site Scripting Vulnerabilities
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
Siemens SIMATIC HMI Multiple Unspecified Cross Site Scripting Vulnerabilities
References:
References:
- SIMATIC HMI Homepage (Siemems)
- http://www.attrition.org/mailman/listinfo/vim (ICS-CERT)
- ICSA-12-030-01�??SIEMENS SIMATIC WinCC MULTIPLE VULNERABILITIES (ICS-CERT)