CVE-2013-4912

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
siemenswincc
11.0
siemenswincc
11.0:sp1
siemenswincc
11.0:sp2
siemenswincc
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html
http://secunia.com/advisories/54051
http://secunia.com/advisories/54252
http://www.securityfocus.com/bid/61535
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86100
https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02
http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html
http://secunia.com/advisories/54051
http://secunia.com/advisories/54252
http://www.securityfocus.com/bid/61535
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86100
https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02