Cross-site Request Forgery Vulnerability in Siemens WinCC and SIMATIC Products
CVE-2012-3028

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Pcs7; Wincc
Vendor: CVE Published:; 18 September 2012

Summary

A cross-site request forgery vulnerability exists in the WebNavigator component of Siemens WinCC 7.0 SP3 and earlier versions, affecting SIMATIC PCS7 and other related products. This vulnerability allows remote attackers to exploit user sessions and perform actions on behalf of authenticated users. By crafting malicious requests, an attacker can manipulate data or even trigger a denial of service, thereby compromising system integrity and availability.

References

http://en.securitylab.ru/lab/PT-2012-42

x_refsource_MISC

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 18, 2012