Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-3958
siemens
wincc
login
implementation
vulnerability
nvd
cve-2013-3958
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
Affected configurations
Node
siemenssimatic_pcs7Range≤8.0sp1
ORsiemenssimatic_pcs7Match8.0
ORsiemenswinccRange≤7.2
ORsiemenswinccMatch7.0
ORsiemenswinccMatch7.0sp1
ORsiemenswinccMatch7.0sp2
ORsiemenswinccMatch7.0sp3
ORsiemenswinccMatch7.1
ORsiemenswinccMatch7.1sp1
Related
nvd
nvd
CVE-2013-3958
2013-06-14 19:55:01
ptsecurity
ptsecurity
PT-2013-43: Hard-coded credentials in Siemens WinCC and SIMATIC PCS 7
2013-03-03 00:00:00
cvelist
cvelist
CVE-2013-3958
2022-10-03 16:14:45
prion
prion
Hardcoded credentials
2013-06-14 19:55:00
ics
ics
Siemens WinCC 7.2 Multiple Vulnerabilities
2013-06-24 12:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
Related for CVE-2013-3958