The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting user views the log messages via a web browser, these log messages might be interpreted and executed as code by the web application. This cross-site scripting (XSS) vulnerability might compromise the confidentiality, integrity, and availability of the web application.
SICAM WEB firmware: all versions prior to C05.30
Siemens recommends that users update to the latest version, v05.30.
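
The flaw described above, login input written to a log and later rendered in a browser, is closed by encoding every log field at output time. The following is an added example, not Siemens code; the function names and the log record shape are assumptions. It contrasts an unencoded row renderer with an encoded one on a constructed input.

```javascript
// Added example (not Siemens code). All names and the record shape are assumptions.

// Characters that are significant in HTML text and quoted-attribute contexts.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for insertion into HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Write-time hardening: cap length and replace control characters (including
// CR/LF) so a single login attempt cannot forge additional log lines.
function sanitizeForLog(value, maxLen = 64) {
  return String(value).slice(0, maxLen).replace(/[\u0000-\u001f\u007f]/g, "?");
}

// Build one log record for a failed login (hypothetical record shape).
function logFailedLogin(username, timestamp) {
  return { time: timestamp, event: "login_failed", user: sanitizeForLog(username) };
}

// Vulnerable rendering: the stored field is concatenated into markup unencoded.
function renderRowUnsafe(entry) {
  return `<tr><td>${entry.time}</td><td>${entry.event}</td><td>${entry.user}</td></tr>`;
}

// Hardened rendering: every field is encoded at output time, regardless of
// what was done when the record was written.
function renderRowSafe(entry) {
  const cells = [entry.time, entry.event, entry.user].map((v) => `<td>${escapeHtml(v)}</td>`);
  return `<tr>${cells.join("")}</tr>`;
}

// Constructed sample input: a username field carrying markup and a line break.
const sample = logFailedLogin("<script>alert(1)</script>\r\nadmin", "2024-01-01T00:00:00Z");
console.log(renderRowUnsafe(sample)); // markup reaches the browser intact
console.log(renderRowSafe(sample));   // markup is displayed as inert text
```

Encoding at render time is the control that matters for the log viewer; the write-time sanitization only keeps records on one line and bounded in size.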