Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-13648 is a stored Cross-Site Scripting (XSS) vulnerability affecting the ZeusWeb industrial SCADA solution from Microcom, specifically version 6.1.31.'}, {'type': 'paragraph', 'content': 'An attacker with registered access to the ZeusWeb web application can inject arbitrary JavaScript code by exploiting the ‘Name’ and ‘Surname’ parameters in the ‘My Account’ section at the URL https://zeus.microcom.es:4040/administracion-estaciones.html.'}, {'type': 'paragraph', 'content': "This vulnerability is classified under CWE-79, which involves improper neutralization of input during web page generation, allowing malicious scripts to be stored and executed in users' browsers."}] [1]

Useful 0 Not Useful 0

Impact Analysis

This stored XSS vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the affected web application.

• It can lead to session hijacking, allowing attackers to impersonate legitimate users.
• It may enable theft of sensitive information accessible through the web application.
• It could facilitate further attacks such as phishing or spreading malware to users of the application.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by testing the 'Name' and 'Surname' parameters within the 'My Account' section of the ZeusWeb web application at the URL https://zeus.microcom.es:4040/administracion-estaciones.html for stored Cross-Site Scripting (XSS) payloads."}, {'type': 'paragraph', 'content': 'A practical approach is to inject harmless JavaScript snippets or typical XSS test payloads into these parameters and then observe if the injected script executes when the page is loaded.'}, {'type': 'list_item', 'content': "Use a web proxy tool like Burp Suite or OWASP ZAP to intercept and modify requests to the 'My Account' section, injecting test scripts into the 'Name' and 'Surname' fields."}, {'type': 'list_item', 'content': 'Use curl commands to send POST requests with XSS payloads to the vulnerable parameters, for example: curl -X POST -d "Name=<script>alert(1)</script>&Surname=test" https://zeus.microcom.es:4040/administracion-estaciones.html --cookie "session=your_session_cookie"'}, {'type': 'list_item', 'content': 'Monitor the response or subsequent page loads to check if the injected script executes, indicating the presence of the stored XSS vulnerability.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to upgrade the ZeusWeb software to version 6.2.5 or later, where this vulnerability has been addressed by the provider Microcom.'}, {'type': 'paragraph', 'content': 'Since the affected product is deployed cloud-based by the provider, end users typically do not need to take update actions themselves.'}, {'type': 'paragraph', 'content': "In the meantime, restrict access to the 'My Account' section to trusted users only and monitor for suspicious activity involving the injection of scripts into user input fields."}, {'type': 'paragraph', 'content': 'Implement web application firewall (WAF) rules to detect and block typical XSS payloads targeting the vulnerable parameters.'}] [1]

Useful 0 Not Useful 0