CVE-2012-2597

Name of the Vulnerable Software and Affected Versions Siemens WinCC version 7.0 SP3 before Update 2

Description The issue allows remote authenticated users to read arbitrary files via a crafted parameter in a URL, due to multiple directory traversal vulnerabilities.

Recommendations For Siemens WinCC version 7.0 SP3 before Update 2, apply Update 2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.