OTPulse

Cross Site Scripting Vulnerability in PLM Help Server V4.2

Monitor | CVSS 6.1 | SSA-274282 | Dec 13, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens PLM Help Server V4.2 contains a reflected cross-site scripting (XSS) vulnerability in its documentation interface. An attacker can inject malicious JavaScript through specially crafted URLs. The vulnerability affects all versions of V4.2. This product is end-of-life and will not receive security patches. Siemens recommends upgrading to the new Documentation Server product.

What this means
What could happen
An attacker could send a malicious link to users viewing PLM Help Server V4.2 documentation, causing their browser to execute JavaScript in their session or allowing the attacker to steal their authentication credentials. This could lead to unauthorized access to engineering documentation and process information.
Who's at risk
Engineering teams, technicians, and operations staff at water authorities and utilities who use Siemens PLM Help Server V4.2 for accessing process documentation, control logic, and system specifications. This affects anyone with browser access to the documentation server on the engineering network.
How it could be exploited
An attacker crafts a malicious URL containing JavaScript code and tricks a user (engineer, technician, or manager) into clicking the link while authenticated to PLM Help Server V4.2. The server reflects the JavaScript back in the page, where it executes in the user's browser with their authentication context. The attacker can then steal session cookies, capture credentials, or deface documentation.
Prerequisites
  • User must click a malicious link provided by the attacker
  • User must be authenticated or accessing the PLM Help Server from a network where it is reachable
  • PLM Help Server V4.2 must be deployed and accessible on the network
remotely exploitable | low complexity | user interaction required | end-of-life product no longer patched
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
PLM Help Server V4.2 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to PLM Help Server V4.2 using firewall rules to limit which users and systems can reach the service
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade from PLM Help Server V4.2 to the new Siemens Documentation Server version
Mitigations - no patch available
PLM Help Server V4.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate PLM Help Server V4.2 to engineering workstations only
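
Because the attack arrives as a crafted URL that the server reflects, requests to the help server can also be screened in web-server or proxy access logs while the product remains in service. The following is an added example, not part of the original advisory or any vendor tooling; it assumes common log format, and the addresses, paths, parameter names and marker list are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Heuristic markers of script carried in a URL. This list is an assumption
# made for the example; tune it against your own traffic.
MARKERS = re.compile(
    r"<\s*script|javascript\s*:|\bon(?:error|load|click|mouseover|focus)\s*=",
    re.IGNORECASE,
)

# Common log format: client ... "METHOD target HTTP/x.y" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client, decoded_target, status) for URLs carrying script markers."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        decoded = fully_decode(parts.path + "?" + parts.query)
        if MARKERS.search(decoded):
            hits.append((client, decoded, status))
    return hits

# Constructed sample lines; hosts, paths and parameters are placeholders.
SAMPLE_LOG = [
    '10.0.5.21 - - [13/Dec/2022:09:14:02 +0000] "GET /help/index.html?topic=pumps HTTP/1.1" 200 5120',
    '10.0.5.34 - - [13/Dec/2022:09:15:40 +0000] "GET /help/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2211',
    '10.0.5.34 - - [13/Dec/2022:09:16:05 +0000] "GET /help/search?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 2230',
    '10.0.5.40 - - [13/Dec/2022:09:17:11 +0000] "GET /help/search?q=javascript+tutorial HTTP/1.1" 200 1980',
]

if __name__ == "__main__":
    for client, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

A hit shows that a crafted URL was requested, not that script executed; correlate the client address and timestamp with how the link reached the user.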
Cross Site Scripting Vulnerability in PLM Help Server V4.2 | CVSS 6.1 - OTPulse