Lucene search

K
cve[email protected]CVE-2013-3958
HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3958

2022-10-0316:14:45
CWE-255
web.nvd.nist.gov
24
siemens
wincc
login
implementation
vulnerability
nvd
cve-2013-3958

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

Affected configurations

NVD
Node
siemenssimatic_pcs7Range8.0sp1
OR
siemenssimatic_pcs7Match8.0
OR
siemenswinccRange7.2
OR
siemenswinccMatch7.0
OR
siemenswinccMatch7.0sp1
OR
siemenswinccMatch7.0sp2
OR
siemenswinccMatch7.0sp3
OR
siemenswinccMatch7.1
OR
siemenswinccMatch7.1sp1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

Related for CVE-2013-3958