CVE-2012-2596

Name of the Vulnerable Software and Affected Versions Siemens WinCC version 7.0 SP3 before Update 2

Description The issue concerns the XPath functionality in web applications, which does not properly handle special characters in parameters. This allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.

Recommendations For Siemens WinCC version 7.0 SP3 before Update 2, update to a version that includes Update 2 to resolve the issue. As a temporary workaround, consider restricting access to the XPath functionality to minimize the risk of exploitation. Avoid using special characters in parameters for the affected web applications until the issue is resolved.