Description
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/PT-2012-44
Patch, Vendor Advisory x_refsource_confirm
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf
Scores
EPSS
0.0054
EPSS Percentile
67.8%
Details
CWE
CWE-89
Status
published
Products (5)
siemens/simatic_pcs7
8.0
siemens/wincc
5.0 (2 CPE variants)
siemens/wincc
6.0 (4 CPE variants)
siemens/wincc
7.0 (3 CPE variants)
siemens/wincc
< 7.0
Published
Sep 18, 2012
Tracked Since
Feb 18, 2026