Lucene search

K
cve[email protected]CVE-2013-3958
HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3958

2022-10-0316:14:45
CWE-255
web.nvd.nist.gov
24
siemens
wincc
login
implementation
vulnerability
nvd
cve-2013-3958

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.7%

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

Affected configurations

NVD
Node
siemenssimatic_pcs7Range8.0sp1
OR
siemenssimatic_pcs7Match8.0
OR
siemenswinccRange7.2
OR
siemenswinccMatch7.0
OR
siemenswinccMatch7.0sp1
OR
siemenswinccMatch7.0sp2
OR
siemenswinccMatch7.0sp3
OR
siemenswinccMatch7.1
OR
siemenswinccMatch7.1sp1

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.7%

Related for CVE-2013-3958