CVE-2013-3958

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

Published: Jun 14, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-3958
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
siemens / wincc	7.1-sp1	7.1-sp1.x
siemens / simatic_pcs7	8.0	8.0.x
siemens / wincc	7.1	7.1.x
siemens / wincc	7.0-sp2	7.0-sp2.x
siemens / simatic_pcs7	-	8.0.x
siemens / wincc	7.0-sp3	7.0-sp3.x
siemens / wincc	-	7.2.x
siemens / wincc	7.0	7.0.x
siemens / wincc	7.0-sp1	7.0-sp1.x

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf

Vulnerability Database

289,697

CVE-2013-3958