Unrated severityNVD Advisory· Published Mar 21, 2013· Updated Apr 29, 2026
CVE-2013-0676
CVE-2013-0676
Description
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
Affected products
13cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*range: <=8.0
- cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*range: <=7.1
- cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdfnvdVendor Advisory
- ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdfnvdUS Government Resource
News mentions
0No linked articles in our index yet.