SQL Injection Vulnerability in Siemens WinCC and SIMATIC Products
CVE-2012-3032

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Pcs7; Wincc
Vendor: CVE Published:; 18 September 2012

What is CVE-2012-3032?

An SQL injection vulnerability exists within the WebNavigator component of Siemens WinCC, where malicious actors can exploit this flaw by crafting specially designed SOAP messages. This allows them to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the affected systems, including SIMATIC PCS7 and earlier versions of WinCC 7.0 SP3.

References

http://en.securitylab.ru/lab/PT-2012-44

x_refsource_MISC

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 18, 2012