A cross-site scripting vulnerability in the Pilz PASvisu Builder Component presents a high-risk security flaw that could lead to unauthorized script execution.

The Builder Component of Pilz PASvisu is susceptible to cross-site scripting. This flaw allows an attacker to inject malicious client-side scripts, which will execute when processed by the application's interface.

With a CVSS score of 7.8, this vulnerability poses a high risk to the security of the development and configuration environment. Exploitation could allow an attacker to compromise administrative sessions or manipulate project configurations, leading to unauthorized access to sensitive operational logic and potential degradation of system integrity.

Immediate Action: Update the Pilz PASvisu Builder Component to the latest version as specified in the official vendor advisory.

Proactive Monitoring: Audit access logs for the Builder interface to identify suspicious activity or repeated attempts to inject unauthorized scripts.

Compensating Controls: Restrict access to the Builder Component to authorized personnel only via network-level controls and ensure that all workstations are hardened against unauthorized web-based traffic.

Public Exploit Available: false

The vulnerability in the Builder Component requires urgent attention to maintain the security of industrial configuration workflows. Security teams should ensure that all instances of the PASvisu software are updated immediately and that access to the environment is strictly limited to authorized engineering staff.