exploitDog

CVE-2013-0670

Опубликовано: 21 мар. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Ссылки

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
US Government Resource
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf
Vendor Advisory
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
US Government Resource
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:wincc_tia_portal:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-4fpf-24x8-fq8p

github

больше 3 лет назад

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

EPSS

Процентиль: 55%

0.00328

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20