CVE-2013-0679

Sažetak

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.

Reference

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

22-03-2013 - 14:25

Objavljeno

21-03-2013 - 15:55