CVE-2023-45796

Pilz · PASvisu

A stored cross-site scripting (XSS) vulnerability exists in the Runtime component of Pilz PASvisu, potentially allowing malicious script execution.

Executive summary

A stored cross-site scripting vulnerability in the Pilz PASvisu Runtime component poses a significant risk of unauthorized script execution and session compromise.

Vulnerability

This is a stored cross-site scripting vulnerability located in the Runtime component of the software. An attacker with the ability to inject malicious scripts into the application could have them stored and then executed in the context of a victim's browser session.

Business impact

The vulnerability carries a CVSS score of 8.1, indicating a high severity risk that could lead to unauthorized access to user sessions, data theft, or manipulation of the application interface. Successful exploitation may result in a loss of integrity for the affected industrial control visualization environment, potentially disrupting operational visibility and impacting business continuity.

Remediation

Immediate Action: Review the official Pilz security advisories and apply all relevant patches or firmware updates provided by the manufacturer.

Proactive Monitoring: Monitor web application logs for unusual input patterns, specifically looking for script tags or encoded characters being submitted to the Runtime component.

Compensating Controls: Deploy a Web Application Firewall (WAF) with strict input validation rules to filter out potential XSS payloads before they reach the PASvisu environment.
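
The log check described under Proactive Monitoring could look like the sketch below. It is an added example, not Pilz code or part of the vendor advisory. It assumes common/combined access-log format, and the `/runtime-placeholder/` paths and sample lines are constructed placeholders, not real PASvisu URLs.

```python
import html
import re
from urllib.parse import unquote_plus

# Assumption: request lines follow common/combined access-log format.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic markers (tags, event handlers, javascript: URLs); expect some false positives.
SUSPICIOUS_RE = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed)\b|\bon\w+\s*=|javascript\s*:",
    re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # bounded, so multiply-encoded input cannot loop forever

def normalize(value):
    """Undo URL and HTML-entity encoding repeatedly; return (text, rounds)."""
    rounds = 0
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def scan_line(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    decoded, rounds = normalize(m.group("target"))
    hit = SUSPICIOUS_RE.search(decoded)
    if not hit:
        return None
    return {"method": m.group("method"), "decode_rounds": rounds,
            "match": hit.group(0), "decoded": decoded}

# Constructed sample lines for illustration only.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /runtime-placeholder/view?tile=pump1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "POST /runtime-placeholder/label?text=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 64',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "POST /runtime-placeholder/label?text=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 64',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET /runtime-placeholder/view?tile=a%20b HTTP/1.1" 200 512',
]

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := scan_line(line))]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(lineno, finding)
```

Access logs normally record only the request line, so input submitted in POST bodies needs the same normalize-and-match check applied where bodies are visible, such as WAF or reverse-proxy logging. A decode_rounds value of 2 or more indicates multiply-encoded input, which is worth reviewing even when the pattern match is borderline.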

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score, organizations utilizing Pilz PASvisu must prioritize this vulnerability. Administrators should verify their current version against the vendor's guidance and apply necessary updates immediately to prevent potential session hijacking or unauthorized data exposure within their industrial infrastructure.