Lucene search

[email protected]NVD:CVE-2012-3028

HistorySep 18, 2012 - 2:55 p.m.

CVE-2012-3028

2012-09-1814:55:01

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service.

Affected configurations

NVD

Node

siemenssimatic_pcs7Match8.0

siemenswinccRange≤7.0sp3

siemenswinccMatch5.0

siemenswinccMatch5.0sp1

siemenswinccMatch6.0

siemenswinccMatch6.0sp2

siemenswinccMatch6.0sp3

siemenswinccMatch6.0sp4

siemenswinccMatch7.0

siemenswinccMatch7.0sp1

siemenswinccMatch7.0sp2

References

en.securitylab.ru/lab/PT-2012-42

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf

www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

Related for NVD:CVE-2012-3028

cvelist1 cve1 prion1 ptsecurity1 ics1