CVE-2013-3957 Information

Description

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1 as used in SIMATIC PCS7 8.0 SP1 and earlier and other products allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Reference

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf