CVE-2013-4911

2013-08-0113:32:26

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

70.3%

JSON

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

Affected configurations

Nvd

Node

siemenswinccMatch11.0

siemenswinccMatch11.0sp1

siemenswinccMatch11.0sp2

siemenswinccMatch12.0

VendorProductVersionCPE
siemenswincc11.0cpe:2.3:a:siemens:wincc:11.0:*:*:*:*:*:*:*
siemenswincc11.0cpe:2.3:a:siemens:wincc:11.0:sp1:*:*:*:*:*:*
siemenswincc11.0cpe:2.3:a:siemens:wincc:11.0:sp2:*:*:*:*:*:*
siemenswincc12.0cpe:2.3:a:siemens:wincc:12.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	wincc	11.0	cpe:2.3:a:siemens:wincc:11.0:::::::*
siemens	wincc	11.0	cpe:2.3:a:siemens:wincc:11.0:sp1::::::
siemens	wincc	11.0	cpe:2.3:a:siemens:wincc:11.0:sp2::::::
siemens	wincc	12.0	cpe:2.3:a:siemens:wincc:12.0:::::::*