What is CVE-2014-2908?

CVE-2014-2908 is a vulnerability in Siemens Simatic_s7_cpu_1200_firmware, classified under Cross-site Scripting. Published 2014-04-25.

Is CVE-2014-2908 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Siemens Simatic_s7_cpu_1200_firmware

CVE-2014-2908

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.680 (98.6th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_s7_cpu_1200_firmware — versions 2.0, 3.0, 3.0.2
Siemens Simatic_s7_cpu-1211c
Siemens Simatic_s7_cpu_1212c
Siemens Simatic_s7_cpu_1214c
Siemens Simatic_s7_cpu_1215c
Siemens Simatic_s7_cpu_1217c
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

cve@mitre.org (US Government Resource, x_refsource_MISC)
44687 (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-2908?: CVE-2014-2908 is a vulnerability in Siemens Simatic_s7_cpu_1200_firmware, classified under Cross-site Scripting. Published 2014-04-25.
Is CVE-2014-2908 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.