Description
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/PT-2012-42
Scores
EPSS
0.0017
EPSS Percentile
37.7%
Details
CWE
CWE-352
Status
published
Products (5)
siemens/simatic_pcs7
8.0
siemens/wincc
5.0 (2 CPE variants)
siemens/wincc
6.0 (4 CPE variants)
siemens/wincc
7.0 (3 CPE variants)
siemens/wincc
< 7.0
Published
Sep 18, 2012
Tracked Since
Feb 18, 2026