CVE-2013-0670

Siemens WinCC (TIA Portal) 11 - HTTP Response Splitting

Title source: llm

Description

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

References (2)

Core 2

Core References

US Government Resource x_refsource_misc

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf

Vendor Advisory x_refsource_confirm

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Scores

EPSS 0.0033

EPSS Percentile 55.8%

Details

CWE

CWE-20

Status published

Products (1)

siemens/wincc_tia_portal 11.0

Published Mar 21, 2013

Tracked Since Feb 18, 2026