CVE-2012-3040

Published: Oct 10, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

Affected (9)

Products: Siemens: Simatic S7 1200 Firmware, Simatic S7 1200 Cpu 1211c Firmware, Simatic S7 1200 Cpu 1212c Firmware, Simatic S7 1200 Cpu 1212fc Firmware, Simatic S7 1200 Cpu 1214 Fc Firmware, Simatic S7 1200 Cpu 1214c Firmware, Simatic S7 1200 Cpu 1215 Fc Firmware, Simatic S7 1200 Cpu 1215c Firmware, Simatic S7 1200 Cpu 1217c Firmware

Siemens

9 products

Simatic S7 1200 Firmware

Simatic S7 1200 Cpu 1211c Firmware

Simatic S7 1200 Cpu 1212c Firmware

Simatic S7 1200 Cpu 1212fc Firmware

Simatic S7 1200 Cpu 1214 Fc Firmware

Simatic S7 1200 Cpu 1214c Firmware

Simatic S7 1200 Cpu 1215 Fc Firmware

Simatic S7 1200 Cpu 1215c Firmware

Simatic S7 1200 Cpu 1217c Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1211c Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1211c	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1212c Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1212c	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1212fc Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1212fc	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1214 Fc Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1214 Fc	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1214c Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1214c	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1215 Fc Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1215 Fc	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1215c Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1215c	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic S7 1200 Cpu 1217c Firmware	From 2.0.0 to 3.0.2

Running on/with	Platform Versions
Siemens Simatic S7 1200 Cpu 1217c	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://en.securitylab.ru/lab/PT-2012-50

Source: ics-cert@hq.dhs.gov

Third Party Advisory

http://osvdb.org/86130

Source: ics-cert@hq.dhs.gov

Broken Link

http://secunia.com/advisories/50816

Source: ics-cert@hq.dhs.gov

Third Party Advisory

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf

Source: ics-cert@hq.dhs.gov

Broken LinkVendor Advisory

http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf

Source: ics-cert@hq.dhs.gov

Broken LinkThird Party AdvisoryUS Government Resource

http://en.securitylab.ru/lab/PT-2012-50