CVE-2012-3031

2022-10-0316:15:22

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-3031

cross-site scripting

xss vulnerabilities

siemens wincc

webnavigator

simatic pcs7

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.

Affected configurations

NVD

Node

siemenssimatic_pcs7Match8.0

siemenswinccRange≤7.0sp3

siemenswinccMatch5.0

siemenswinccMatch5.0sp1

siemenswinccMatch6.0

siemenswinccMatch6.0sp2

siemenswinccMatch6.0sp3

siemenswinccMatch6.0sp4

siemenswinccMatch7.0

siemenswinccMatch7.0sp1

siemenswinccMatch7.0sp2

CPENameOperatorVersion
siemens:simatic_pcs7siemens simatic pcs7eq8.0
siemens:winccsiemens winccle7.0
siemens:winccsiemens wincceq5.0
siemens:winccsiemens wincceq6.0