ID

VAR-201303-0255


CVE

CVE-2013-0672


TITLE

Siemens WinCC HMI web Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-441

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system from the German company Siemens. The system provides process monitoring, data acquisition, and other functions.

Trust: 1.89

sources: NVD: CVE-2013-0672 // JVNDB: JVNDB-2013-001986 // IVD: 091d3190-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60674

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: siemens, model: wincc tia portal, scope: eq, version: 11.0

Trust: 1.6

vendor: siemens, model: simatic wincc, scope: eq, version: 11

Trust: 0.8

vendor: wincc tia portal, model: -, scope: eq, version: 11.0

Trust: 0.2

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0672
value: LOW

Trust: 1.0

NVD: CVE-2013-0672
value: LOW

Trust: 0.8

CNNVD: CNNVD-201303-441
value: LOW

Trust: 0.6

IVD: 091d3190-2353-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-60674
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-0672
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 091d3190-2353-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60674
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // NVD: CVE-2013-0672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-441

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201303-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001986

PATCH

title: Top Page, url: http://www.siemens.com/entry/cc/en/

Trust: 0.8

title: SSA-212483: Vulnerabilities in WinCC (TIA Portal) V11, url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Trust: 0.8

title: Siemens Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K., url: http://www.siemens.com/answers/jp/ja/

Trust: 0.8

sources: JVNDB: JVNDB-2013-001986

EXTERNAL IDS

db: NVD, id: CVE-2013-0672

Trust: 2.7

db: ICS CERT, id: ICSA-13-079-03

Trust: 2.5

db: SIEMENS, id: SSA-212483

Trust: 1.7

db: CNNVD, id: CNNVD-201303-441

Trust: 0.9

db: JVNDB, id: JVNDB-2013-001986

Trust: 0.8

db: IVD, id: 091D3190-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-60674

Trust: 0.1

sources: IVD: 091d3190-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

REFERENCES

url: http://ics-cert.us-cert.gov/pdf/icsa-13-079-03.pdf

Trust: 2.5

url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0672

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0672

Trust: 0.8

sources: VULHUB: VHN-60674 // JVNDB: JVNDB-2013-001986 // CNNVD: CNNVD-201303-441 // NVD: CVE-2013-0672

SOURCES

db: IVD, id: 091d3190-2353-11e6-abef-000c29c66e3d
db: VULHUB, id: VHN-60674
db: JVNDB, id: JVNDB-2013-001986
db: CNNVD, id: CNNVD-201303-441
db: NVD, id: CVE-2013-0672

LAST UPDATE DATE

2024-08-14T13:48:32.505000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-60674, date: 2013-03-22T00:00:00
db: JVNDB, id: JVNDB-2013-001986, date: 2013-03-25T00:00:00
db: CNNVD, id: CNNVD-201303-441, date: 2013-03-25T00:00:00
db: NVD, id: CVE-2013-0672, date: 2013-03-22T13:36:18.833

SOURCES RELEASE DATE

db: IVD, id: 091d3190-2353-11e6-abef-000c29c66e3d, date: 2013-03-22T00:00:00
db: VULHUB, id: VHN-60674, date: 2013-03-21T00:00:00
db: JVNDB, id: JVNDB-2013-001986, date: 2013-03-25T00:00:00
db: CNNVD, id: CNNVD-201303-441, date: 2013-03-22T00:00:00
db: NVD, id: CVE-2013-0672, date: 2013-03-21T14:55:01.547