ID
VAR-E-201206-0992
CVE
| cve_id: | CVE-2012-2598 | Trust: 0.3 |
| cve_id: | CVE-2012-3003 | Trust: 0.3 |
| cve_id: | CVE-2012-2597 | Trust: 0.3 |
| cve_id: | CVE-2012-2596 | Trust: 0.3 |
| cve_id: | CVE-2012-2595 | Trust: 0.3 |
TITLE
Siemens WinCC Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | siemens | model: | wincc sp3 | scope: | eq | version: | 7.0 | Trust: 0.3 |
EXPLOIT
An attacker can use a Web browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens
Trust: 0.3
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-12-158-01 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-2598 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-3003 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-2597 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-2596 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-2595 | Trust: 0.3 |
| db: | BID | id: | 53837 | Trust: 0.3 |
REFERENCES
| url: | http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf | Trust: 0.3 |
| url: | http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx | Trust: 0.3 |
SOURCES
| db: | BID | id: | 53837 |
LAST UPDATE DATE
2022-07-27T10:03:24.602000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 53837 | date: | 2012-06-06T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 53837 | date: | 2012-06-06T00:00:00 |