OTPulse

Siemens Climatix BACnet/IP Communication Module Cross-site Scripting Vulnerability

Low Risk | ICS-CERT ICSA-15-176-01 | Mar 28, 2015
Summary

The Siemens Climatix BACnet/IP communication module versions prior to V10.34 contain a cross-site scripting (XSS) vulnerability in the web interface. The vulnerability allows an attacker to inject malicious scripts into the web application, which execute in the context of a user's browser session when they access the affected module. This could enable attackers to steal administrative credentials, hijack sessions, or perform unauthorized configuration changes to the building automation system. No patch is available from Siemens for this vulnerability.

What this means
What could happen
An attacker with access to the web interface could inject malicious scripts that execute in a user's browser, potentially capturing credentials or performing unauthorized actions on the building automation system.
Who's at risk
Building automation and HVAC system administrators who operate Siemens Climatix BACnet/IP communication modules, particularly those who access the module's web interface for configuration or monitoring. This affects facilities management in commercial buildings, hospitals, data centers, and other controlled-environment facilities.
How it could be exploited
An attacker with network access to the BACnet/IP communication module's web interface injects malicious JavaScript through an unvalidated input field. When an administrator accesses the module's web UI, the script executes in their browser session, allowing the attacker to steal session tokens, capture credentials, or modify system settings.
Prerequisites
  • Network access to the Climatix BACnet/IP module's web interface (typically port 80/443)
  • A user must visit the compromised web page in their browser for the script to execute
Cross-site scripting vulnerability | Web interface requires user interaction | No vendor patch available | Low exploit probability (0.8% EPSS)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
Climatix BACnet/IP communication module | <V10.34 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict web interface access to the BACnet/IP module to trusted engineering workstations only
HARDENING: Disable web interface access if not actively required for operations; manage the module through alternative methods or isolated management networks
HARDENING: Require users to change default credentials and enforce strong passwords for web interface authentication
Mitigations - no patch available
The Climatix BACnet/IP communication module (<V10.34) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the BACnet network from general IT networks to reduce the attack surface
HARDENING: Monitor access logs to the module's web interface for suspicious activity
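
The trusted-workstation restriction and the log monitoring above can be checked together. The following is an added example, not part of the advisory or of any Siemens material: it assumes access logs in Common Log Format from a proxy or firewall in front of the module, and the subnet, path and parameter name are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Assumption: subnet of the trusted engineering workstations (constructed).
TRUSTED = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: Common Log Format from a proxy or firewall in front of the module.
LINE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" \d{3}')
# Script-injection markers looked for in the decoded request target.
MARKUP = re.compile(
    r'<\s*/?\s*(script|img|svg|iframe)\b|\bon(error|load|click|focus)\s*=|javascript:',
    re.I)

def decode(uri, rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(rounds):
        nxt = unquote_plus(uri)
        if nxt == uri:
            break
        uri = nxt
    return uri

def review(lines):
    """Return (line number, finding, detail) tuples for lines worth a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        try:
            src = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:
            src = None
        if src is None:
            findings.append((n, "unparsed", line.strip()))
            continue
        if not any(src in net for net in TRUSTED):
            findings.append((n, "untrusted-source", m["src"]))
        if MARKUP.search(decode(m["uri"])):
            findings.append((n, "markup-in-request", m["src"]))
    return findings

# Constructed sample lines; the path and parameter name are hypothetical.
SAMPLE = [
    '10.20.30.5 - admin [01/Jan/2024:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:09:13:40 +0000] "GET /index.html HTTP/1.1" 401 0',
    '10.20.30.7 - admin [01/Jan/2024:09:15:22 +0000] '
    '"GET /page?label=%253Cscript%253Ex%253C%252Fscript%253E HTTP/1.1" 200 431',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A request from a trusted workstation that still carries markup, as in the third sample line, is the case to escalate: the firewall rule alone would not have stopped it.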