Vulnerabilities > CVE-2013-3958 - Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

siemens

CWE-255

NVD

Published: 2013-06-14

Updated: 2024-11-21

Summary

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Wincc 7.1 Siemens Wincc 7.0 Siemens Wincc 5.0 Siemens Wincc 6.0 Siemens Wincc 7.2 Siemens Simatic Pcs7 8.0	15

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf