Siemens WinCC WebNavigator Multiple Vulnerabilities

CVSS 7.5 HIGH

CVEs (5)

CVE-2012-3028 CVE-2012-3030 CVE-2012-3034 CVE-2012-3031 CVE-2012-3032

Siemens addresses these issues in a Siemens Security Advisory, SSA-864051. (https://cert-portal.siemens.com/productcert/pdf/ssa-864051.pdf)
Siemens provides an update for WinCC 7.0 SP3, which fixes vulnerabilities 1, 3, 4, and 5, and recommends installing the patch. Siemens also recommends users restrict access to WebNavigator, e.g., with a firewall or VPN gateway or to operate the service only within trusted networks.
No patch is yet available for vulnerability 2
Siemens recommends the following: Do not interact with other Internet-related services while being logged in. Log out when WebNavigator is not needed any more.

Siemens

Siemens · WebNavigator component of WinCC <=7.0_SP3

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.