Description
A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability.
Published: 2026-06-22
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross-site scripting flaw exists in the Runtime component of Pilz PASvisu prior to version 1.14.1 and in Pilz PMI v8xx up to and including version 2.0.33992. An attacker can inject malicious scripts that are subsequently executed within a victim’s browser whenever the affected data is displayed, enabling the attacker to manipulate process data. This can lead to unauthorized changes in process parameters and potentially disrupt normal operations.

Affected Systems

The vulnerability affects Pilz PASvisu versions earlier than 1.14.1 and Pilz PMI v8xx up to and including 2.0.33992. Later versions are not affected.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. Exploitation is possible over the network by a low-privileged or unauthenticated attacker; this is inferred from the description of a stored XSS that can be triggered remotely. No EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely unauthorized web-based interaction, but the advisory does not state this explicitly, so it is also inferred.

Generated by OpenCVE AI on June 22, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Pilz PASvisu to version 1.14.1 or later.
  • Upgrade Pilz PMI v8xx to version 2.0.33993 or later.
  • Limit web interface access by applying network segmentation and enforcing least privilege to reduce exposure to unauthenticated attackers.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 10:00:00 +0000

Type | Values Removed | Values Added
Description | | A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability.
Title | | XSS vulnerability in Pilz PASvisu and PMI v8xx
First Time appeared | | Pilz; Pilz pasvisu; Pilz pmi V8xx
Weaknesses | | CWE-79
CPEs | | cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*; cpe:2.3:a:pilz:pmi_v8xx:*:*:*:*:*:*:*:*
Vendors & Products | | Pilz; Pilz pasvisu; Pilz pmi V8xx
References | |
Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-06-22T09:04:55.857Z

Reserved: 2023-10-13T06:40:49.611Z

Link: CVE-2023-45796

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T11:30:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')