Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Siemens WinCC 敏感信息漏洞
Vulnerability Description
Siemens SIMATIC WinCC是德国西门子(Siemens)公司的一套自动化的数据采集与监控(SCADA)系统。该系统提供过程监视、数据采集等功能。 SIMATIC PCS7 8.0 SP1之前版本和其他产品中使用的Siemens WinCC 7.2之前版本中存在漏洞,该漏洞源于程序没有正确地为含有WebNavigator凭证的数据库分配权限。通过SQL查询,远程认证攻击者利用该漏洞获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A