CVE-2012-2596 in WinCCinfo

Summary

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

05/09/2012

Disclosure

06/08/2012

Entries

1: VDB-60931

CPE

ready

CVSS

5.4

EPSS

0.00241

Activities

Very Low

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2012-2596
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2012-2596
CVE Detailshttps://www.cvedetails.com/cve/CVE-2012-2596/

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!