CVE-2012-2597 — Path Traversal in Siemens Wincc

CWE-22 — Path Traversal3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 69.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Wincc

Timeline

PublishedJun 8

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsiemens/wincc7.0

🔴Vulnerability Details

GHSA

GHSA-rx3w-xv9f-p6wc: Multiple directory traversal vulnerabilities in Siemens WinCC 7↗2022-05-17

▶

CVEList

CVE-2012-2597: Multiple directory traversal vulnerabilities in Siemens WinCC 7↗2012-06-08

▶