SQL Injection in Siemens Simatic_pcs7

CVE-2013-3957

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspec…

Vulnerability class: SQL Injection

EPSS: 0.003 (56.8th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_pcs7 — versions 8.0
Siemens Wincc — versions 7.0, 7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)