CVE-2013-3958
Siemens SIMATIC PCS7 < 8.0 and WinCC < 7.2 - Unauthenticated Hardcoded Account Access
Title source: llmDescription
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf
Scores
EPSS
0.0042
EPSS Percentile
62.3%
Details
CWE
CWE-255
Status
published
Products (5)
siemens/simatic_pcs7
8.0
siemens/simatic_pcs7
< 8.0
siemens/wincc
7.0 (4 CPE variants)
siemens/wincc
7.1 (2 CPE variants)
siemens/wincc
< 7.2
Published
Jun 14, 2013
Tracked Since
Feb 18, 2026