CVE-2013-3959

Name of the Vulnerable Software and Affected Versions Siemens WinCC versions prior to 7.2 Update 1

Description The issue exists due to different behavior for NetBIOS user names in the Web Navigator component of Siemens WinCC, depending on whether a user account exists. This allows remote authenticated users to enumerate account names by using specially crafted URL parameters.

Recommendations For versions prior to 7.2 Update 1, update to version 7.2 Update 1 or later to resolve the issue.