AUMA: Reflected Cross-Site Scripting Vulnerability in SIMA Master Stations

VDE-2023-027

Last update

08/07/2023 11:35

Published at

08/07/2023 11:35

Vendor(s)

AUMA Riester GmbH & Co. KG

External ID

VDE-2023-027

CSAF Document

Download

Summary

A reflected cross-site scripting vulnerability exists in the System Diagnostics Manager (SDM) component of SIMA² Master Stations.

Impact

Please consult the CVE details.

Affected Product(s)

Model no.	Product name	Affected versions
	SIMA² Master Station vers:all/*	SIMA² Master Station vers:all/*

Vulnerabilities

Expand / Collapse all

Published

09/22/2025 14:58

Severity

6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weakness

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Summary

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.

References

cve.org | nvd.nist.gov

Mitigation

Do not use Hyperlinks provided by untrusted 3rd party to access the SIMA² System Diagnostics Manager. Hyperlinks may be provided via:

Emails from unknown users
Social media channels
Messaging services
Webpages with comment functionality
QR Codes

The use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.

Revision History

Version	Date	Summary
1.0.0	08/07/2023 11:35	Initial revision.

AUMA: Reflected Cross-Site Scripting Vulnerability in SIMA Master Stations

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2022-4286 6.1

Mitigation

Revision History