Lucene search

IcscertCVE-2013-0677

HistoryMar 21, 2013 - 3:55 p.m.

CVE-2013-0677

2013-03-2115:55:01

CWE-200

icscert

web.nvd.nist.gov

siemens

wincc

web server

vulnerability

cve-2013-0677

nvd

information security

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

74.2%

JSON

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.

Affected configurations

Nvd

Node

siemenssimatic_pcs7Range≤8.0

siemenssimatic_pcs7Match7.1sp3

siemenswinccRange≤7.1

siemenswinccMatch5.0

siemenswinccMatch5.0sp1

siemenswinccMatch6.0

siemenswinccMatch6.0sp2

siemenswinccMatch6.0sp3

siemenswinccMatch6.0sp4

siemenswinccMatch7.0

siemenswinccMatch7.0sp1

siemenswinccMatch7.0sp2

siemenswinccMatch7.0sp3

VendorProductVersionCPE
siemenssimatic_pcs7*cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*
siemenssimatic_pcs77.1cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*
siemenswincc*cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*
siemenswincc7.0cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_pcs7	*	cpe:2.3:a:siemens:simatic_pcs7::::::::
siemens	simatic_pcs7	7.1	cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3::::::
siemens	wincc	*	cpe:2.3:a:siemens:wincc::::::::
siemens	wincc	5.0	cpe:2.3:a:siemens:wincc:5.0:::::::*
siemens	wincc	5.0	cpe:2.3:a:siemens:wincc:5.0:sp1::::::
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:::::::*
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:sp2::::::
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:sp3::::::
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:sp4::::::
siemens	wincc	7.0	cpe:2.3:a:siemens:wincc:7.0:::::::*

Rows per page:

1-10 of 131

References

ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

74.2%

JSON

Related for CVE-2013-0677