SQL Injection Vulnerability in Siemens WinCC and SIMATIC PCS7
CVE-2013-0678
Currently unrated
Summary
An SQL injection vulnerability exists in Siemens WinCC and SIMATIC PCS7 due to improper handling of WebNavigator credentials in the database. This flaw allows remote authenticated users to execute malicious SQL queries, potentially exposing sensitive information held within the system. Affected versions are WinCC prior to 7.2 and SIMATIC PCS7 prior to 8.0 SP1. Proper validation of user inputs and database queries is essential to mitigate this vulnerability.
Timeline
Vulnerability Reserved
Vulnerability published