Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0678

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2013-0678
Last Modified 22 Mar 2013 12:00:00
Published 21 Mar 2013 11:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-0678

Summary

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

Vulnerable Systems

Application

  • Siemens Simatic Pcs7 8.0

  • Siemens Wincc 7.0


References

CONFIRM - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

MISC - http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf


Last Updated: 27 May 2016 11:02:06