CVE-2012-3040

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
Configurations

Configuration 1

AND
cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*

History

01 Feb 2022, 15:16

Type | Values Removed | Values Added
References | (SECUNIA) http://secunia.com/advisories/50816 - | (SECUNIA) http://secunia.com/advisories/50816 - Third Party Advisory
References | (MISC) http://en.securitylab.ru/lab/PT-2012-50 - | (MISC) http://en.securitylab.ru/lab/PT-2012-50 - Third Party Advisory
References | (MISC) http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf - US Government Resource | (MISC) http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf - Broken Link, Third Party Advisory, US Government Resource
References | (CONFIRM) http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf - Vendor Advisory | (CONFIRM) http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf - Broken Link, Vendor Advisory
References | (OSVDB) http://osvdb.org/86130 - | (OSVDB) http://osvdb.org/86130 - Broken Link
CPE cpe:2.3:h:siemens:simatic_s7-1200_plc:2.2:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_plc:3.0.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_plc:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_plc:3.0.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_plc:2.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*

Information

Published : 2012-10-10 18:55

Updated : 2024-02-04 18:16


NVD link : CVE-2012-3040

Mitre link : CVE-2012-3040

CVE.ORG link : CVE-2012-3040



Products Affected

siemens

  • simatic_s7-1200_cpu_1217c_firmware
  • simatic_s7-1200_cpu_1215c
  • simatic_s7-1200_cpu_1215_fc
  • simatic_s7-1200_cpu_1215_fc_firmware
  • simatic_s7-1200_cpu_1214_fc_firmware
  • simatic_s7-1200_cpu_1214c
  • simatic_s7-1200_cpu_1211c
  • simatic_s7-1200_cpu_1212fc
  • simatic_s7-1200_cpu_1215c_firmware
  • simatic_s7-1200_cpu_1212c
  • simatic_s7-1200_cpu_1212fc_firmware
  • simatic_s7-1200_cpu_1214c_firmware
  • simatic_s7-1200_cpu_1214_fc
  • simatic_s7-1200_cpu_1217c
  • simatic_s7-1200
  • simatic_s7-1200_firmware
  • simatic_s7-1200_cpu_1212c_firmware
  • simatic_s7-1200_cpu_1211c_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')