VDB
CNVD-2021-54365
CNVD-2021-54365
PUBLISHED
Siemens SIMATIC WinCC等都是德国西门子(Siemens)公司的产品。SIMATIC WinCC是一套自动化的数据采集与监控(SCADA)系统。Siemens SIMATIC HMI Comfort Panels是一款触摸面板设备。Siemens SIMATIC HMI Comfort Outdoor Panels是一款专用于户外的触摸面板设备。 多款Siemens产品中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) < V15.1 Update 1 | ||
| Siemens SIMATIC WinCC (TIA Portal) < V15.1 Update 1 | ||
| Siemens SIMATIC WinCC Runtime Advanced < V15.1 Update 1 | ||
| Siemens SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) < V15.1 Update 1 | ||
| Siemens SIMATIC WinCC Runtime Professional < V15.1 Update 1 | ||
| Siemens SIMATIC HMI KTP Mobile Panels KTP400F,KTP700,KTP700F,KTP900 and KTP900F < V15.1 Update 1 | ||
| Siemens SIMATIC HMI Classic Devices - TP/MP/OP/MP Mobile Panel (incl. SIPLUS variants) |
Timeline
- May 14, 2019 CVE ID Reserved
- Jul 24, 2021 CVE Published