Full Report
Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Cross-Site Scripting in Siemens Polarion (Authenticated)
## CVE Details
- CVE ID: CVE-2025-40587
- CVSS Score: 7.6 (High, v3.1) / 6.2 (Medium, v4.0)
- CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting)
## Affected Systems
- Products: Polarion (Application Lifecycle Management Solution)
- Versions:
  - Polarion V2404: All versions prior to V2404.5
  - Polarion V2410: All versions prior to V2410.2
- Configurations: Requires the attacker to be authenticated against the system.
## Vulnerability Description
The vulnerability stems from improper handling of input in document titles. An authenticated, remote attacker can inject arbitrary JavaScript code into document titles. When other users view these specially crafted document titles, the embedded script will execute, leading to a Stored Cross-Site Scripting (XSS) attack.
CVSS v3.1 Vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N`
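The root cause named above (CWE-79) is a document title being written into a page without output encoding for the HTML context it lands in. The following added example is not Polarion code and does not reflect Polarion's real schema or rendering; it uses a constructed `Document` record and a constructed list of titles to place the vulnerable "before" pattern beside the hardened form, so the difference the fix makes is visible in the generated markup.

```python
import html
from dataclasses import dataclass


# Constructed stand-in for a document record. Polarion's actual data model
# and rendering code are not shown here; this is illustrative only.
@dataclass
class Document:
    doc_id: str
    title: str


# Constructed sample titles. DOC-3 is the kind of value an authenticated user
# could store if title input is not neutralised before rendering.
SAMPLE_DOCS = [
    Document("DOC-1", "Requirements Specification"),
    Document("DOC-2", "Release Notes & Known Issues"),
    Document("DOC-3", "Test Plan <script>alert(1)</script>"),
]


def render_vulnerable(docs):
    """'Before' pattern behind CWE-79: untrusted title concatenated into HTML."""
    rows = "".join(f"<li><a href='/doc/{d.doc_id}'>{d.title}</a></li>" for d in docs)
    return f"<ul>{rows}</ul>"


def render_hardened(docs):
    """Encode every untrusted value for the context it is placed in.

    html.escape() converts <, >, &, " and ' to entities, so a stored title is
    displayed as literal text rather than parsed as markup. The id is escaped
    for the attribute context as well.
    """
    rows = "".join(
        f'<li><a href="/doc/{html.escape(d.doc_id, quote=True)}">'
        f"{html.escape(d.title)}</a></li>"
        for d in docs
    )
    return f"<ul>{rows}</ul>"


def contains_live_script(markup):
    """Crude check used here to compare the two renderings: is there an
    unencoded <script tag left in the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_DOCS))
    print("hardened:  ", render_hardened(SAMPLE_DOCS))
```

Note that the hardened renderer also turns the `&` in "Release Notes & Known Issues" into `&amp;`; correct output encoding applies to every untrusted value on every render path, not only to values that look hostile. Encoding must match the context (HTML body, attribute, JavaScript string, URL), which is why a single blacklist of `<script>` in input is not an adequate fix.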
## Exploitation
- Status: Exploit capability is implied by the stored-XSS description; the summary does not explicitly cite a public PoC.
- Complexity: Low (AC:L - Low Attack Complexity)
- Attack Vector: Network
## Impact
- Confidentiality: High (C:H)
- Integrity: Low (I:L)
- Availability: None (A:N)
## Remediation
### Patches
The vendor recommends immediate updates to the following versions or later:
- Polarion V2404: Update to **V2404.5** or later.
- Polarion V2410: Update to **V2410.2** or later.
### Workarounds
No specific workarounds are detailed in the summary, but standard network access protection and adherence to operational guidelines are recommended.
## Detection
- Indicators of compromise are not explicitly listed. Monitoring for anomalous JavaScript execution within the application interface, or checking stored document titles for script tags (`<script>`) and other HTML injection attempts (including encoded variants), is advised.
- Detection should focus on application logs for document-title creation and modification events, particularly those made by unexpected or suspicious user accounts.
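The title check suggested above can be run over an export of document titles. The following added example is not a Siemens or Polarion tool; it assumes titles have been exported as `(doc_id, author, title)` tuples (the sample records below are constructed) and flags the patterns a stored-XSS payload would typically need. Matching is done on the decoded form, so entity-encoded or percent-encoded variants are not missed, and the author is carried through so findings can be tied back to the account that created or modified the title.

```python
import html
import re
from urllib.parse import unquote

# Heuristic patterns for active content in a title. These are deliberately
# broad; review each hit rather than treating it as proof of compromise.
SUSPICIOUS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "html_tag": re.compile(r"<\s*(iframe|img|svg|object|embed)\b", re.IGNORECASE),
}


def normalise(title, rounds=3):
    """Decode HTML entities and percent-encoding until the value stops changing,
    bounded to a few rounds so a pathological value cannot loop forever."""
    current = title
    for _ in range(rounds):
        decoded = unquote(html.unescape(current))
        if decoded == current:
            break
        current = decoded
    return current


def classify_title(title):
    """Return the names of all patterns that match the decoded title."""
    decoded = normalise(title)
    return [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(decoded)]


def scan_titles(records):
    """records: iterable of (doc_id, author, title). Returns one finding per
    flagged title, keeping the author for follow-up in application logs."""
    findings = []
    for doc_id, author, title in records:
        hits = classify_title(title)
        if hits:
            findings.append({"doc_id": doc_id, "author": author, "patterns": hits})
    return findings


# Constructed sample export (not real Polarion data). DOC-103 is a benign
# title containing '&' and '<' that a naive check would wrongly flag.
SAMPLE_TITLES = [
    ("DOC-100", "alice", "Architecture Overview v2"),
    ("DOC-101", "bob", "Test Plan <script>alert(1)</script>"),
    ("DOC-102", "carol", "Notes &lt;img src=x onerror=alert(1)&gt;"),
    ("DOC-103", "dave", "Q&A: x < y comparison rules"),
    ("DOC-104", "erin", "Link %3Cscript%3Ealert(1)%3C/script%3E"),
]


if __name__ == "__main__":
    for finding in scan_titles(SAMPLE_TITLES):
        print(finding)
```

Run against a real export, the `author` field of each finding is the account whose title creation or modification events should be pulled from the application logs. The patterns are a starting point, not a complete list, and the decoding step is what separates this from a plain `<script>` search: the entity-encoded and percent-encoded samples are both caught, while the benign title with a bare `&` and `<` is not.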
## References
- Vendor Advisory: SSA-035571
- Siemens Support Link: hxxps://support.sw.siemens.com/product/230235217/
- Siemens Security Guidelines: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
- Siemens ProductCERT Advisories: hxxps://www.siemens.com/cert/advisories