Siemens SIMATIC S7 PLCs Cross-Site Scripting Vulnerability in Web Interface
Vulnerability
A cross-site scripting vulnerability has been identified in Siemens SIMATIC S7-1500 PLCs, including related ET 200 CPUs and SIPLUS variants. The issue arises because the web server on affected devices does not properly validate and sanitize PLC or station names displayed on the 'communication' parameters page. This flaw could enable an authenticated attacker, authorized to download a TIA project, to inject malicious scripts. If a user with the appropriate rights accesses the 'communication' parameters page, the injected script would execute within their web session.
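The defect described above is a stored cross-site scripting pattern: a name taken from the downloaded project is written into the page's HTML without validation or output encoding. The following added example (not Siemens code, and not the device's actual web server) contrasts a vulnerable rendering function with a hardened one that HTML-encodes the name, and adds an allowlist check of the kind that could be applied when a project is imported. The station names, the allowlist pattern and the `contains_active_markup` check are constructed for illustration.

```python
import html
import re

# Constructed sample station names, standing in for names read from a downloaded
# project. The third entry is a constructed test value, not a real project name.
SAMPLE_STATION_NAMES = [
    "PLC_1",
    "Line-2 CPU",
    "Station1<script>alert(1)</script>",
]

# Hypothetical allowlist for station names at import time (an assumption for
# this example, not Siemens' naming rule): letters, digits, '_', '-', '.', space.
_ALLOWED_NAME = re.compile(r"^[A-Za-z0-9_\-. ]{1,64}$")


def validate_station_name(name: str) -> bool:
    """Return True if the name contains only characters the allowlist permits."""
    return bool(_ALLOWED_NAME.match(name))


def render_row_unsafe(name: str) -> str:
    """Vulnerable pattern: the stored name is interpolated into HTML verbatim,
    so any markup inside it becomes part of the page."""
    return f"<tr><td>Station</td><td>{name}</td></tr>"


def render_row_safe(name: str) -> str:
    """Hardened pattern: HTML-encode the name before placing it in element
    content, so '<', '>', '&' and quotes are rendered as text, not markup."""
    return f"<tr><td>Station</td><td>{html.escape(name, quote=True)}</td></tr>"


def render_page(names, safe: bool = True) -> str:
    """Render a minimal 'communication' parameters table using either the
    vulnerable or the hardened row renderer."""
    row = render_row_safe if safe else render_row_unsafe
    rows = "\n".join(row(n) for n in names)
    return f"<table>\n{rows}\n</table>"


def contains_active_markup(fragment: str) -> bool:
    """Constructed check: does a raw '<script' tag survive into the output?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    for n in SAMPLE_STATION_NAMES:
        print(f"{n!r}: passes allowlist = {validate_station_name(n)}")
    print("--- unsafe rendering ---")
    print(render_page(SAMPLE_STATION_NAMES, safe=False))
    print("--- hardened rendering ---")
    print(render_page(SAMPLE_STATION_NAMES, safe=True))
```

Output encoding at render time is the fix that removes the bug; the import-time allowlist is a defence-in-depth layer that also keeps such names out of stored configuration in the first place.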
Impact
Successful exploitation results in cross-site scripting: the injected script executes in the context of the victim's web session, potentially leading to session hijacking or credential theft.
Remediation
Siemens has released patches for the vulnerability in the SIMATIC S7-1500 CPU family and related ET 200 CPUs. For products where a fix is not yet available, Siemens recommends restricting TIA project downloads to trusted personnel.
