Database Privilege Misconfiguration in Siemens WinCC and SIMATIC PCS7
CVE-2013-0676

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Pcs7; Wincc
Vendor: CVE Published:; 21 March 2013

Summary

A misconfiguration in Siemens WinCC, as utilized in SIMATIC PCS7, allows remote authenticated users to execute SQL queries against a database containing WebNavigator credentials. This misconfiguration potentially exposes sensitive information due to insufficient privilege assignment, posing a risk of unauthorized data access. Users and administrators must ensure proper configurations to protect against this vulnerability.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 21, 2013