ID
VAR-201306-0315
CVE
CVE-2013-3958
TITLE
Siemens SIMATIC WinCC/PCS 7 Hardcoded Credential Security Bypass Vulnerability
Trust: 0.8
sources:
IVD: e69a1ca0-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-07606
DESCRIPTION
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. An attacker can exploit the vulnerability to gain access. The vulnerability is due to the fact that the program has hard-coded accounts
Trust: 2.7
sources:
NVD: CVE-2013-3958 //
JVNDB: JVNDB-2013-002983 //
CNVD: CNVD-2013-07606 //
BID: 60561 //
IVD: e69a1ca0-2352-11e6-abef-000c29c66e3d //
VULHUB: VHN-63960
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
sources:
IVD: e69a1ca0-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-07606
AFFECTED PRODUCTS
| vendor: | siemens | model: | simatic pcs7 | scope: | eq | version: | 8.0 | Trust: 1.6 |
| vendor: | siemens | model: | wincc | scope: | eq | version: | 7.1 | Trust: 1.6 |
| vendor: | siemens | model: | wincc | scope: | eq | version: | 7.0 | Trust: 1.6 |
| vendor: | siemens | model: | wincc | scope: | lte | version: | 7.2 | Trust: 1.0 |
| vendor: | siemens | model: | simatic pcs7 | scope: | lte | version: | 8.0 | Trust: 1.0 |
| vendor: | wincc | model: | - | scope: | eq | version: | 7.0 | Trust: 0.8 |
| vendor: | siemens | model: | simatic pcs 7 | scope: | lte | version: | 8.0 sp1 | Trust: 0.8 |
| vendor: | siemens | model: | simatic wincc | scope: | lt | version: | 7.2 update 1 | Trust: 0.8 |
| vendor: | siemens | model: | simatic wincc | scope: | eq | version: | 7.x | Trust: 0.6 |
| vendor: | siemens | model: | simatic pcs | scope: | eq | version: | 78.x | Trust: 0.6 |
| vendor: | siemens | model: | wincc | scope: | eq | version: | 7.2 | Trust: 0.6 |
| vendor: | wincc | model: | - | scope: | eq | version: | 7.1 | Trust: 0.4 |
| vendor: | simatic pcs7 | model: | - | scope: | eq | version: | 8.0 | Trust: 0.2 |
| vendor: | simatic pcs7 | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | wincc | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: e69a1ca0-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-07606 //
JVNDB: JVNDB-2013-002983 //
CNNVD: CNNVD-201306-248 //
NVD: CVE-2013-3958
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
IVD: e69a1ca0-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-07606 //
VULHUB: VHN-63960 //
JVNDB: JVNDB-2013-002983 //
CNNVD: CNNVD-201306-248 //
NVD: CVE-2013-3958
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
sources:
VULHUB: VHN-63960 //
JVNDB: JVNDB-2013-002983 //
NVD: CVE-2013-3958
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201306-248
TYPE
Trust management
Trust: 0.8
sources:
IVD: e69a1ca0-2352-11e6-abef-000c29c66e3d //
CNNVD: CNNVD-201306-248
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-002983
PATCH
| title: | SSA-345843: Vulnerabilites in WinCC 7.2 | url: | http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf | Trust: 0.8 |
| title: | \302\240Siemens SIMATIC WinCC/PCS 7 Hardcoded Credential Security Bypass Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/34666 | Trust: 0.6 |
sources:
CNVD: CNVD-2013-07606 //
JVNDB: JVNDB-2013-002983
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-3958 | Trust: 3.6 |
| db: | SIEMENS | id: | SSA-345843 | Trust: 1.7 |
| db: | SECUNIA | id: | 53805 | Trust: 1.2 |
| db: | BID | id: | 60561 | Trust: 1.0 |
| db: | CNNVD | id: | CNNVD-201306-248 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2013-07606 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-13-169-02 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2013-002983 | Trust: 0.8 |
| db: | IVD | id: | E69A1CA0-2352-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
| db: | VULHUB | id: | VHN-63960 | Trust: 0.1 |
sources:
IVD: e69a1ca0-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-07606 //
VULHUB: VHN-63960 //
BID: 60561 //
JVNDB: JVNDB-2013-002983 //
CNNVD: CNNVD-201306-248 //
NVD: CVE-2013-3958
REFERENCES
| url: | http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3958 | Trust: 0.8 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-13-169-02 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3958 | Trust: 0.8 |
| url: | http://secunia.com/advisories/53805/ | Trust: 0.6 |
| url: | http://secunia.com/advisories/53805 | Trust: 0.6 |
| url: | http://subscriber.communications.siemens.com/ | Trust: 0.3 |
| url: | http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx | Trust: 0.3 |
sources:
CNVD: CNVD-2013-07606 //
VULHUB: VHN-63960 //
BID: 60561 //
JVNDB: JVNDB-2013-002983 //
CNNVD: CNNVD-201306-248 //
NVD: CVE-2013-3958
CREDITS
Alexander Tlyapov from Positive Technologies
Trust: 0.3
sources:
BID: 60561
SOURCES
| db: | IVD | id: | e69a1ca0-2352-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2013-07606 |
| db: | VULHUB | id: | VHN-63960 |
| db: | BID | id: | 60561 |
| db: | JVNDB | id: | JVNDB-2013-002983 |
| db: | CNNVD | id: | CNNVD-201306-248 |
| db: | NVD | id: | CVE-2013-3958 |
LAST UPDATE DATE
2024-08-14T14:28:03.020000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-07606 | date: | 2013-06-19T00:00:00 |
| db: | VULHUB | id: | VHN-63960 | date: | 2013-06-17T00:00:00 |
| db: | BID | id: | 60561 | date: | 2013-06-19T07:17:00 |
| db: | JVNDB | id: | JVNDB-2013-002983 | date: | 2013-06-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201306-248 | date: | 2013-06-21T00:00:00 |
| db: | NVD | id: | CVE-2013-3958 | date: | 2013-06-17T04:00:00 |
SOURCES RELEASE DATE
| db: | IVD | id: | e69a1ca0-2352-11e6-abef-000c29c66e3d | date: | 2013-06-19T00:00:00 |
| db: | CNVD | id: | CNVD-2013-07606 | date: | 2013-06-19T00:00:00 |
| db: | VULHUB | id: | VHN-63960 | date: | 2013-06-14T00:00:00 |
| db: | BID | id: | 60561 | date: | 2013-06-14T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-002983 | date: | 2013-06-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201306-248 | date: | 2013-06-18T00:00:00 |
| db: | NVD | id: | CVE-2013-3958 | date: | 2013-06-14T19:55:01.250 |