CVE-2014-2908
Published Apr 25, 2014
Last updated 6 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B49DC13F-9C46-4918-8717-D042B809FF7D"
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272"
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E4278D8-9EED-4E44-BC18-07987D9255E9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD"
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F"
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697"
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE"
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]