Information disclosure in Siemens Simatic_pcs7

CVE-2013-3959

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote au…

Vulnerability class: Information Disclosure

EPSS: 0.002 (37.0th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_pcs7 — versions 8.0
Siemens Wincc — versions 7.0, 7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)