Vulnerable industrial PLC devices with web-based configuration interfaces
Summary
This stored cross-site scripting vulnerability stems from insufficient sanitization of PLC and station names on the communication parameters web page. An authenticated attacker with permission to upload a TIA project can inject malicious script into the affected page. When a privileged legitimate user accesses the communication parameters page, the script executes in the context of their authenticated web session.
Remediation
Install the latest official security patches released for your affected PLC model. Restrict access to the PLC's web interface to only trusted internal management networks. Limit project upload permissions to only authorized trusted personnel to reduce attack risk.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.