CVE-2013-4912

EUVD-2013-4757
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
siemenswincc
11.0
siemenswincc
11.0:sp1
siemenswincc
11.0:sp2
siemenswincc
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html
http://secunia.com/advisories/54051
http://secunia.com/advisories/54252
http://www.securityfocus.com/bid/61535
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86100
https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02
http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html
http://secunia.com/advisories/54051
http://secunia.com/advisories/54252
http://www.securityfocus.com/bid/61535
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86100
https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02