Lucene search
HistorySep 18, 2012 - 2:55 p.m.
CVE-2012-3030
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.003
Percentile
69.5%
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request.
Affected configurations
Node
siemenssimatic_pcs7Match8.0
ORsiemenswinccRange≤7.0sp3
ORsiemenswinccMatch5.0
ORsiemenswinccMatch5.0sp1
ORsiemenswinccMatch6.0
ORsiemenswinccMatch6.0sp2
ORsiemenswinccMatch6.0sp3
ORsiemenswinccMatch6.0sp4
ORsiemenswinccMatch7.0
ORsiemenswinccMatch7.0sp1
ORsiemenswinccMatch7.0sp2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | simatic_pcs7 | 8.0 | cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:* |
| siemens | wincc | * | cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:* |
| siemens | wincc | 5.0 | cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:* |
| siemens | wincc | 5.0 | cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:* |
| siemens | wincc | 6.0 | cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:* |
| siemens | wincc | 6.0 | cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:* |
| siemens | wincc | 6.0 | cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:* |
| siemens | wincc | 6.0 | cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:* |
| siemens | wincc | 7.0 | cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:* |
| siemens | wincc | 7.0 | cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2012-3030
2012-09-18 14:00:00
cve
cve
CVE-2012-3030
2012-09-18 14:55:01
prion
prion
Improper access control
2012-09-18 14:55:00
ptsecurity
ptsecurity
PT-2012-43: Arbitrary Files Reading in Siemens Simatic WinCC WebNavigator
2012-09-13 00:00:00
ics
ics
Siemens WinCC WebNavigator Multiple Vulnerabilities
2014-08-29 12:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.003
Percentile
69.5%
Related for NVD:CVE-2012-3030