Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-3028
cve-2012-3028
csrf
webnavigator
siemens
wincc 7.0
sp3
simatic
pcs7
security vulnerability
7.5 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.1%
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service.
Affected configurations
Node
siemenssimatic_pcs7Match8.0
ORsiemenswinccRange≤7.0sp3
ORsiemenswinccMatch5.0
ORsiemenswinccMatch5.0sp1
ORsiemenswinccMatch6.0
ORsiemenswinccMatch6.0sp2
ORsiemenswinccMatch6.0sp3
ORsiemenswinccMatch6.0sp4
ORsiemenswinccMatch7.0
ORsiemenswinccMatch7.0sp1
ORsiemenswinccMatch7.0sp2
Related
cvelist
cvelist
CVE-2012-3028
2022-10-03 16:15:23
prion
prion
Cross site request forgery (csrf)
2012-09-18 14:55:00
nvd
nvd
CVE-2012-3028
2012-09-18 14:55:01
ptsecurity
ptsecurity
ics
ics
Siemens WinCC WebNavigator Multiple Vulnerabilities
2014-08-29 12:00:00
7.5 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.1%
Related for CVE-2012-3028