CVE-2013-3957
SIMATIC PCS7 < 8.0 and WinCC < 7.2 - SQL Injection via Login Screen
Title source: llmDescription
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf
Scores
EPSS
0.0034
EPSS Percentile
56.6%
Details
CWE
CWE-89
Status
published
Products (5)
siemens/simatic_pcs7
8.0
siemens/simatic_pcs7
< 8.0
siemens/wincc
7.0 (4 CPE variants)
siemens/wincc
7.1 (2 CPE variants)
siemens/wincc
< 7.2
Published
Jun 14, 2013
Tracked Since
Feb 18, 2026