CVE-2013-0676Siemens Simatic Pcs7 vulnerability

CWE-2643 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.2%
top 56.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Simatic Pcs7Siemens Wincc
Timeline
PublishedMar 21
Latest updateMay 17

Description

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDsiemens/wincc7.1+3

🔴Vulnerability Details

2
GHSA
GHSA-p9j2-w5p7-8fp9: Siemens WinCC before 72022-05-17
CVEList
CVE-2013-0676: Siemens WinCC before 72013-03-21
CVE-2013-0676 — Siemens Simatic Pcs7 vulnerability | cvebase