Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-13650 is a reflected Cross-Site Scripting (XSS) vulnerability in the ZeusWeb industrial SCADA solution from Microcom, specifically version 6.1.31.'}, {'type': 'paragraph', 'content': "An attacker who has access to the ZeusWeb web application can inject arbitrary JavaScript code by exploiting the 'Surname' parameter in the 'Create Account' operation at the URL https://zeus.microcom.es:4040/index.html?zeus6=true."}, {'type': 'paragraph', 'content': 'This injection occurs without requiring registration but does require the attacker to perform an action within the application.'}, {'type': 'paragraph', 'content': 'The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and involves reflected XSS attacks.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser when interacting with the ZeusWeb application."}, {'type': 'paragraph', 'content': 'Potential impacts include theft of user session tokens, redirection to malicious sites, or performing actions on behalf of the user.'}, {'type': 'paragraph', 'content': 'However, the CVSS v4.0 base score of 5.1 indicates a medium severity with low impact on confidentiality and integrity, requiring low privileges and user interaction.'}] [1]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by testing the 'Surname' parameter in the 'Create Account' operation of the ZeusWeb application for reflected Cross-Site Scripting (XSS) issues."}, {'type': 'paragraph', 'content': "A practical approach is to send HTTP requests to the URL https://zeus.microcom.es:4040/index.html?zeus6=true with an XSS payload injected into the 'Surname' parameter and observe if the payload is reflected and executed."}, {'type': 'paragraph', 'content': 'For example, you can use curl to send a test request with a simple XSS payload:'}, {'type': 'list_item', 'content': "curl -X POST 'https://zeus.microcom.es:4040/index.html?zeus6=true' -d 'Surname=<script>alert(1)</script>&other_parameters=values'"}, {'type': 'paragraph', 'content': 'If the response contains the injected script without proper sanitization, the vulnerability is present.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to ensure that the ZeusWeb application is updated to version 6.2.5 or later, as Microcom has released this version to fix the vulnerability.'}, {'type': 'paragraph', 'content': 'Since ZeusWeb is cloud-based and managed by Microcom, end users typically do not need to take any update actions because the provider has already deployed the fixed version for all users.'}, {'type': 'paragraph', 'content': "Additionally, as a general best practice, restrict access to the web application to trusted users only and monitor for any suspicious activity involving the 'Create Account' operation."}] [1]

Useful 0 Not Useful 0