7.5

CVE-2013-3958

EPSS 0.42%
Published 14.06.2013 19:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

Affected products Warnungen 0 Metrics 2 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic Pcs7 Updatesp1 Version <= 8.0

Siemens ≫ Simatic Pcs7 Version8.0

Siemens ≫ Wincc Version <= 7.2

Siemens ≫ Wincc Version7.0

Siemens ≫ Wincc Version7.0 Updatesp1

Siemens ≫ Wincc Version7.0 Updatesp2

Siemens ≫ Wincc Version7.0 Updatesp3

Siemens ≫ Wincc Version7.1

Siemens ≫ Wincc Version7.1 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.61

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-3958

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3958

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3958

EUVD