[VIM] [CVENEW] New CVE CANs: 2013/03/21 11:00 ; count=6

coley at mitre.org
Thu Mar 21 10:04:26 CDT 2013


======================================================
Name: CVE-2013-0674
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0674
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121219
Category: 
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Buffer overflow in the RegReader ActiveX control in Siemens WinCC
before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products,
allows remote attackers to execute arbitrary code via a long
parameter.



======================================================
Name: CVE-2013-0675
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0675
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121219
Category: 
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Buffer overflow in CCEServer (aka the central communications
component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before
8.0 SP1 and other products, allows remote attackers to cause a denial
of service via a crafted packet.



======================================================
Name: CVE-2013-0676
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0676
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121219
Category: 
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and
other products, does not properly assign privileges for the database
containing WebNavigator credentials, which allows remote authenticated
users to obtain sensitive information via a SQL query.



======================================================
Name: CVE-2013-0677
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0677
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121219
Category: 
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7
before 8.0 SP1 and other products, allows remote attackers to obtain
sensitive information or cause a denial of service via a crafted
project file.



======================================================
Name: CVE-2013-0678
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0678
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121219
Category: 
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and
other products, does not properly represent WebNavigator credentials
in a database, which makes it easier for remote authenticated users to
obtain sensitive information via a SQL query.



======================================================
Name: CVE-2013-0679
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0679
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121219
Category: 
Reference: MISC:http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Reference: CONFIRM:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Directory traversal vulnerability in the web server in Siemens WinCC
before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products,
allows remote authenticated users to read arbitrary files via vectors
involving a query for a pathname.




