SQL Injection Vulnerability in Siemens WinCC 7.0 SP3 and Earlier: Remote Code Execution via Crafted SOAP Message

SQL Injection Vulnerability in Siemens WinCC 7.0 SP3 and Earlier: Remote Code Execution via Crafted SOAP Message

CVE-2012-3032 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.

Learn more about our Web App Pen Testing.