4.3

CVE-2012-3031

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.

Data is provided by the National Vulnerability Database (NVD)
SiemensSimatic Pcs7 Version8.0
SiemensWincc Updatesp3 Version <= 7.0
SiemensWincc Version5.0
SiemensWincc Version5.0 Updatesp1
SiemensWincc Version6.0
SiemensWincc Version6.0 Updatesp2
SiemensWincc Version6.0 Updatesp3
SiemensWincc Version6.0 Updatesp4
SiemensWincc Version7.0
SiemensWincc Version7.0 Updatesp1
SiemensWincc Version7.0 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.59% 0.679
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.