CVE-2013-4912
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
73.2%
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
Affected configurations
References
scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html
secunia.com/advisories/54051
secunia.com/advisories/54252
www.securityfocus.com/bid/61535
www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf
exchange.xforce.ibmcloud.com/vulnerabilities/86100
ics-cert.us-cert.gov/advisories/ICSA-13-213-02
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
73.2%