PT-2013-35: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal Vulnerable softwareSiemens Simatic WinCC TIA Portal Version: 11.x Application link: http://www.siemens.com/Severity levelSeverity level: Medium Impact: Reflected Cross-Site Scripting Access Vector: Remote CVSS v2: Base Score: 4.3 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)CVE: CVE-2013-0668Software descriptionWinCC TIA Portal is part of a new, integrated engineering concept which offers a uniform engineering environment for programming and configuration of control, visualization and drive solutions.Vulnerability descriptionThe specialists of the Positive Research center have detected "Cross-Site Scripting" vulnerability in Siemens Simatic WinCC TIA Portal.The HMI’s web application is susceptible to reflected Cross-Site-Scripting attacks. If a legitimate user clicks on a malicious link, JavaScript code may get executed and session information may be stolen.How to fixUpdate your software up to the latest versionAdvisory status 21.09.2012 - Vendor gets vulnerability details 15.03.2013 - Vendor releases fixed version and details 29.03.2013 - Public disclosureCreditsThe vulnerability was discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2013-35 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf Reports on the vulnerabilities previously discovered by Positive Research:http://ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/