Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2013-0678
siemens
wincc
simatic pcs7
security vulnerability
cve-2013-0678
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
50.0%
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.
Affected configurations
Node
siemenssimatic_pcs7Range≤8.0
ORsiemenswinccRange≤7.0sp3
ORsiemenswinccMatch7.0
ORsiemenswinccMatch7.0sp1
ORsiemenswinccMatch7.0sp2
| CPE | Name | Operator | Version |
|---|---|---|---|
| siemens:simatic_pcs7 | siemens simatic pcs7 | le | 8.0 |
| siemens:wincc | siemens wincc | le | 7.0 |
Related
prion
prion
Information disclosure
2013-03-21 15:55:00
nvd
nvd
CVE-2013-0678
2013-03-21 15:55:01
ptsecurity
ptsecurity
PT-2013-25: Information Disclosure in Siemens Simatic WinCC and PCS 7
2012-11-07 00:00:00
cvelist
cvelist
CVE-2013-0678
2022-10-03 16:15:03
ics
ics
Siemens WinCC 7.0 SP3 Multiple Vulnerabilities
2013-05-08 12:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
50.0%
Related for CVE-2013-0678