Vulnerabilities > CVE-2013-3958 - Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

siemens

CWE-255

NVD

Published: 2013-06-14

Updated: 2013-06-17

Summary

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic Pcs7 8.0 Siemens Wincc 7.0 Siemens Wincc 7.1 Siemens Wincc 5.0 Siemens Wincc 6.0 Siemens Wincc 7.2	15

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf