Description
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf
Scores
EPSS
0.0016
EPSS Percentile
36.1%
Details
CWE
CWE-264
Status
published
Products (8)
siemens/simatic_pcs7
7.1 sp3
siemens/simatic_pcs7
8.0
siemens/simatic_pcs7
< 8.0
siemens/wincc
5.0 (2 CPE variants)
siemens/wincc
6.0 (4 CPE variants)
siemens/wincc
7.0 (4 CPE variants)
siemens/wincc
7.1 (2 CPE variants)
siemens/wincc
< 7.2
Published
Jul 24, 2014
Tracked Since
Feb 18, 2026