Simatic S7 1200 Firmware
CVE-2012-3040
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
AnalysisAI
Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Affected products include: Siemens Simatic S7-1200 Firmware, Siemens Simatic S7-1200 Cpu 1211C Firmware, Siemens Simatic S7-1200 Cpu 1212C Firmware, Siemens Simatic S7-1200 Cpu 1212Fc Firmware, Siemens Simatic S7-1200 Cpu 1214 Fc Firmware. Version information: through 3.0.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Simatic S7 1200 Firmware
View allSpecially crafted packets sent to port 161/udp could cause a denial of service condition. Rated high severity (CVSS 8.7)
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a loc
A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). Rated high
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a d
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. Rated medium severity (CVSS 6.8), this vulnerab
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Au
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today