CVE-2013-3959Sensitive Information Exposure in Siemens Simatic Pcs7

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.2%
top 62.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Simatic Pcs7Siemens Wincc
Timeline
PublishedJun 14
Latest updateMay 17

Description

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDsiemens/wincc7.2+2

🔴Vulnerability Details

2
GHSA
GHSA-f45g-fr2h-mfp5: The Web Navigator in Siemens WinCC before 72022-05-17
CVEList
CVE-2013-3959: The Web Navigator in Siemens WinCC before 72013-06-14
CVE-2013-3959 — Sensitive Information Exposure | cvebase