Lucene search
CertccCVE-2012-2596HistoryJun 08, 2012 - 6:55 p.m.
CVE-2012-2596
2012-06-0818:55:02
CWE-94
certcc
web.nvd.nist.gov
32
4
siemens
wincc
7.0
sp3
xpath
xml injection
cve-2012-2596
security vulnerability
nvd
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
49.6%
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an “XML injection” attack.
Affected configurations
Node
siemenswinccMatch7.0sp3
ORsiemenswinccMatch7.0sp3update_1
References
Social References
More
Related
nvd
nvd
CVE-2012-2596
2012-06-08 18:55:02
prion
prion
Xxe
2012-06-08 18:55:00
cvelist
cvelist
CVE-2012-2596
2012-06-08 18:00:00
ptsecurity
ptsecurity
PT-2012-08: XPath Injection in WinCC (SCADA)
2012-06-20 00:00:00
ics
ics
Siemens WinCC Multiple Vulnerabilities
2014-01-30 12:00:00
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
49.6%
Related for CVE-2012-2596