CVE-2013-3957
SIMATIC PCS7 < 8.0 and WinCC < 7.2 - SQL Injection via Login Screen
Title source: llmDescription
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf
Scores
EPSS
0.0178
EPSS Percentile
75.8%
Details
CWE
CWE-89
Status
published
Products (5)
siemens/simatic_pcs7
8.0
siemens/simatic_pcs7
< 8.0
siemens/wincc
7.0 (4 CPE variants)
siemens/wincc
7.1 (2 CPE variants)
siemens/wincc
< 7.2
Published
Jun 14, 2013
Tracked Since
Feb 18, 2026