Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0676

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2013-0676
Last Modified 22 Mar 2013 09:55:16
Published 21 Mar 2013 11:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-0676

Summary

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

Vulnerable Systems

Application

  • Siemens Simatic Pcs7 7.1

  • Siemens Simatic Pcs7 8.0

  • Siemens Wincc 5.0

  • Siemens Wincc 6.0

  • Siemens Wincc 7.0

  • Siemens Wincc 7.1


References

CONFIRM - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

MISC - http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf


Last Updated: 27 May 2016 11:02:06