CVE-2012-3030
First published: Tue Sep 18 2012(Updated: )
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic PCS 7 | =8.0 | |
| Siemens WinCC | <=7.0 | |
| Siemens WinCC | =5.0 | |
| Siemens WinCC | =5.0-sp1 | |
| Siemens WinCC | =6.0 | |
| Siemens WinCC | =6.0-sp2 | |
| Siemens WinCC | =6.0-sp3 | |
| Siemens WinCC | =6.0-sp4 | |
| Siemens WinCC | =7.0 | |
| Siemens WinCC | =7.0-sp1 | |
| Siemens WinCC | =7.0-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens simatic pcs 7
- version/siemens simatic pcs 7/8.0
- canonical/siemens wincc
- version/siemens wincc/7.0
- version/siemens wincc/5.0
- version/siemens wincc/5.0-sp1
- version/siemens wincc/6.0
- version/siemens wincc/6.0-sp2
- version/siemens wincc/6.0-sp3
- version/siemens wincc/6.0-sp4
- version/siemens wincc/7.0-sp1
- version/siemens wincc/7.0-sp2