The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Simatic_pcs7 | Siemens | * | 8.0 (including) |
| Simatic_pcs7 | Siemens | 8.0 (including) | 8.0 (including) |
| Wincc | Siemens | * | 7.2 (including) |
| Wincc | Siemens | 7.0 (including) | 7.0 (including) |
| Wincc | Siemens | 7.0-sp1 (including) | 7.0-sp1 (including) |
| Wincc | Siemens | 7.0-sp2 (including) | 7.0-sp2 (including) |
| Wincc | Siemens | 7.0-sp3 (including) | 7.0-sp3 (including) |
| Wincc | Siemens | 7.1 (including) | 7.1 (including) |
| Wincc | Siemens | 7.1-sp1 (including) | 7.1-sp1 (including) |