A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:LSiemens Opcenter Quality
APPSiemenswszystkie wersjeSiemens Simatic Pcs Neo
APPSiemens< 4.1Siemens Sinumerik Integrate Runmyhmi \/automotive
APPSiemenswszystkie wersjeSiemens Totally Integrated Automation Portal
APPSiemens1815 – 16 (bez)16 – 17 (bez)17 – 18 (bez)14.0 – 15 (bez)
Related vulnerabilities
Stack-based buffer overflow w Siemens SIMATIC PCS neo i UMC — RCE bez uwierzytelnienia
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote ...
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions <...
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...