CVE-2012-3040

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-3040
Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf Broken Link Third Party Advisory US Government Resource
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf Broken Link Vendor Advisory
http://osvdb.org/86130 Broken Link
http://en.securitylab.ru/lab/PT-2012-50 Third Party Advisory
http://secunia.com/advisories/50816 Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*
Information

Published : 2012-10-10 11:55

Updated : 2022-02-01 07:16

NVD link : CVE-2012-3040

Mitre link : CVE-2012-3040

JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa
Products Affected

siemens

  • simatic_s7-1200_cpu_1214c_firmware
  • simatic_s7-1200_cpu_1214_fc_firmware
  • simatic_s7-1200_cpu_1217c
  • simatic_s7-1200_cpu_1214_fc
  • simatic_s7-1200_cpu_1212c_firmware
  • simatic_s7-1200_cpu_1212fc
  • simatic_s7-1200_cpu_1215c
  • simatic_s7-1200_cpu_1211c_firmware
  • simatic_s7-1200_cpu_1211c
  • simatic_s7-1200_cpu_1214c
  • simatic_s7-1200
  • simatic_s7-1200_firmware
  • simatic_s7-1200_cpu_1215c_firmware
  • simatic_s7-1200_cpu_1217c_firmware
  • simatic_s7-1200_cpu_1215_fc_firmware
  • simatic_s7-1200_cpu_1212c
  • simatic_s7-1200_cpu_1212fc_firmware
  • simatic_s7-1200_cpu_1215_fc