First published: Fri Jun 08 2012(Updated: )
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens WinCC | =7.0-sp3 | |
Siemens WinCC | =7.0-sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.