Industrial SecurityIndustrial Security

Site ExplorerSite Explorer
Close site explorer

Industrial Security Alert - 10/08 2012

October 8th 2012

Cross-Site Scripting vulnerability in the SIMATIC S7-1200 web application
Siemens has been notified by IT experts from the Russian company "Positive Technologies" of vulnerabilities that exist in the S7-1200 web application. 
If the web server is enabled it is susceptible to Cross-Site Scripting (XSS).  In addition, the web server supports HTTP PUT functionality within authenticated sessions.  HTTP PUT allows an authenticated user to upload new files to the web server. 
We thank Positive Technologies for their information.
Siemens has analyzed these vulnerabilities and prepared an update. 
The firmware update can be obtained by contacting technical support in your region.
More information and instructions for the user can be found here: