CVE-2012-2596: Code Injection in Siemens WinCC

CWE-94: Code Injection | 3 documents | 3 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 52.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 8
Latest update: May 17

Description

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 8.0 | Impact: 4.9

Affected Packages (1 package)

NVD: siemens/wincc 7.0

Vulnerability Details (2)

GHSA
GHSA-8h44-xxg3-9447: The XPath functionality in unspecified web applications in Siemens WinCC 7 (2022-05-17)
CVEList
CVE-2012-2596: The XPath functionality in unspecified web applications in Siemens WinCC 7 (2012-06-08)