CVE-2013-3957SQL Injection in Siemens Simatic Pcs7

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Simatic Pcs7Siemens Wincc
Timeline
PublishedJun 14
Latest updateMay 17

Description

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDsiemens/wincc7.2+2

🔴Vulnerability Details

2
GHSA
GHSA-g8rq-3x2f-5cjh: SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 72022-05-17
CVEList
CVE-2013-3957: SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 72013-06-14
CVE-2013-3957 — SQL Injection in Siemens Simatic Pcs7 | cvebase