CVE-2013-3958

Published Jun 14, 2013

Last updated 12 years ago

CVSS info 7.5

Overview

Description: The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
            "versionEndIncluding": "8.0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017"
          },
          {
            "criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
            "versionEndIncluding": "7.2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7"
          },
          {
            "criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD"
          },
          {
            "criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710"
          },
          {
            "criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE"
          },
          {
            "criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References