Vulnerabilities > CVE-2013-0678 - Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
siemens
CWE-255

Summary

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

Vulnerable Configurations

Part Description Count
Application
Siemens
8

Common Weakness Enumeration (CWE)