PT-2012-4449 · Siemens · Wincc
Sergey Bobrov
·
Published
2012-09-18
·
Updated
2012-12-20
·
CVE-2012-3030
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Siemens WinCC versions 7.0 SP3 and earlier
Description
The issue allows remote attackers to read sensitive files due to insufficient access control. This can include reading (1) log files or (2) configuration files via a direct request.
Recommendations
For versions 7.0 SP3 and earlier, restrict access to sensitive files under the web root to prevent unauthorized reading of log and configuration files. Consider implementing proper access controls to mitigate the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wincc