Lucene search

[email protected]CVE-2013-4911

HistoryAug 01, 2013 - 1:32 p.m.

CVE-2013-4911

2013-08-0113:32:26

CWE-352

[email protected]

web.nvd.nist.gov

siemens

wincc

csrf

vulnerability

tia portal

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

Affected configurations

NVD

Node

siemenswinccMatch11.0

siemenswinccMatch11.0sp1

siemenswinccMatch11.0sp2

siemenswinccMatch12.0

CPENameOperatorVersion
siemens:winccsiemens wincceq11.0
siemens:winccsiemens wincceq12.0

CPE	Name	Operator	Version
siemens:wincc	siemens wincc	eq	11.0
siemens:wincc	siemens wincc	eq	12.0

References

scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html

secunia.com/advisories/54051

secunia.com/advisories/54252

www.securityfocus.com/bid/61536

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/86099

ics-cert.us-cert.gov/advisories/ICSA-13-213-02

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2013-4911

prion1 cvelist1 nvd1 ptsecurity1 ics1