PT-2013-35: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
Siemens Simatic WinCC TIA Portal
Severity level: Medium
Impact: Reflected Cross-Site Scripting
Access Vector: Remote
Base Score: 4.3
WinCC TIA Portal is part of a new, integrated engineering concept which offers a uniform engineering environment for programming and configuration of control, visualization and drive solutions.
The specialists of the Positive Research center have detected "Cross-Site Scripting" vulnerability in Siemens Simatic WinCC TIA Portal.
How to fix
Update your software up to the latest version
21.09.2012 - Vendor gets vulnerability details
15.03.2013 - Vendor releases fixed version and details
29.03.2013 - Public disclosure
The vulnerability was discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: