CSRF in Siemens Wincc

CVE-2013-4911

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.003 (52.1th percentile) — read the EPSS interpretation.

Affected products

Siemens Wincc — versions 11.0, 12.0
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cve@mitre.org (x_refsource_MISC)
61536 (vdb-entry, x_refsource_BID)
simatic-cve20134911-csrf(86099) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
54051 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_MISC)
54252 (x_refsource_SECUNIA, third-party-advisory)