CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-3959

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.1%

CVSS Severity

CVSS v2 Score 4.0

References

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf

Products affected by CVE-2013-3959

Siemens » Simatic Pcs7 » Version: 8.0

cpe:2.3:a:siemens:simatic_pcs7:8.0
Siemens » Wincc » Version: 5.0

cpe:2.3:a:siemens:wincc:5.0
Siemens » Wincc » Version: 6.0

cpe:2.3:a:siemens:wincc:6.0
Siemens » Wincc » Version: 7.0

cpe:2.3:a:siemens:wincc:7.0
Siemens » Wincc » Version: 7.1

cpe:2.3:a:siemens:wincc:7.1
Siemens » Wincc » Version: 7.2

cpe:2.3:a:siemens:wincc:7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3959

Products

Pricing

Contact Us