Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0679

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2013-0679
Last Modified 22 Mar 2013 10:25:30
Published 21 Mar 2013 11:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-0679

Summary

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.

Vulnerable Systems

Application

  • Siemens Simatic Pcs7 7.1

  • Siemens Simatic Pcs7 8.0

  • Siemens Wincc 5.0

  • Siemens Wincc 6.0

  • Siemens Wincc 7.0

  • Siemens Wincc 7.1


References

CONFIRM - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

MISC - http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf


Last Updated: 27 May 2016 11:02:06