Authentication Bypass in Siemens Product Line
CVE-2012-3030

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Pcs7; Wincc
Vendor: CVE Published:; 18 September 2012

Summary

An information disclosure vulnerability exists in the WebNavigator component of Siemens WinCC 7.0 SP3 and earlier. This flaw allows unauthorized users to access sensitive configuration and log files stored under the web root due to inadequate access control measures. By sending direct requests, remote attackers can exploit this weakness to gain unauthorized insights into system operations, potentially compromising the integrity and confidentiality of the affected installations.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://en.securitylab.ru/lab/PT-2012-43

x_refsource_MISC

http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 18, 2012