Vulnerabilities > CVE-2013-0678 - Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

siemens

CWE-255

NVD

Published: 2013-03-21

Updated: 2024-11-21

Summary

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic Pcs7 7.1 Siemens Simatic Pcs7 8.0 Siemens Wincc 7.0 Siemens Wincc 6.0	8

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf