Details of VAR-201303-0255

ID

VAR-201303-0255

CVE

CVE-2013-0672

TITLE

Siemens WinCC HMI web Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-441

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions

Trust: 1.89

sources: NVD: CVE-2013-0672 // JVNDB: JVNDB-2013-001986 // IVD: 091d3190-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60674

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	siemens	model:	wincc tia portal	scope:	eq	version:	11.0	Trust: 1.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	11	Trust: 0.8
vendor:	wincc tia portal	model:	-	scope:	eq	version:	11.0	Trust: 0.2

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0672
value:	LOW
Trust: 1.0
NVD:	CVE-2013-0672
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201303-441
value:	LOW
Trust: 0.6
IVD:	091d3190-2353-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
VULHUB:	VHN-60674
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-0672
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	091d3190-2353-11e6-abef-000c29c66e3d
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-60674
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // NVD: CVE-2013-0672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-441

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201303-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001986

PATCH

title:	Top Page	url:	http://www.siemens.com/entry/cc/en/	Trust: 0.8
title:	SSA-212483: Vulnerabilities in WinCC (TIA Portal) V11	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/answers/jp/ja/	Trust: 0.8

sources: JVNDB: JVNDB-2013-001986

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0672	Trust: 2.7
db:	ICS CERT	id:	ICSA-13-079-03	Trust: 2.5
db:	SIEMENS	id:	SSA-212483	Trust: 1.7
db:	CNNVD	id:	CNNVD-201303-441	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-001986	Trust: 0.8
db:	IVD	id:	091D3190-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-60674	Trust: 0.1

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

REFERENCES

url:	http://ics-cert.us-cert.gov/pdf/icsa-13-079-03.pdf	Trust: 2.5
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0672	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0672	Trust: 0.8

sources: VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

SOURCES

db:	IVD	id:	091d3190-2353-11e6-abef-000c29c66e3d
db:	VULHUB	id:	VHN-60674
db:	JVNDB	id:	JVNDB-2013-001986
db:	CNNVD	id:	CNNVD-201303-441
db:	NVD	id:	CVE-2013-0672

LAST UPDATE DATE

2024-08-14T13:48:32.505000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-60674	date:	2013-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001986	date:	2013-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201303-441	date:	2013-03-25T00:00:00
db:	NVD	id:	CVE-2013-0672	date:	2013-03-22T13:36:18.833

SOURCES RELEASE DATE

db:	IVD	id:	091d3190-2353-11e6-abef-000c29c66e3d	date:	2013-03-22T00:00:00
db:	VULHUB	id:	VHN-60674	date:	2013-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-001986	date:	2013-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201303-441	date:	2013-03-22T00:00:00
db:	NVD	id:	CVE-2013-0672	date:	2013-03-21T14:55:01.547