CVE-2019-10922

9.8CRITICAL

Key Information:

Vendor: Siemens Ag
Status: Simatic Pcs 7 V8.0 And Earlier; Simatic Pcs 7 V8.1 And Newer; Simatic Wincc V7.2 And Earlier; Simatic Wincc V7.3 And Newer
Vendor: CVE Published:; 14 May 2019

Summary

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected Version(s)

SIMATIC PCS 7 V8.0 and earlier All versions

SIMATIC PCS 7 V8.1 and newer All versions

SIMATIC WinCC V7.2 and earlier All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-70551...

x_refsource_MISC

http://www.securityfocus.com/bid/108398

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2019
Vulnerability Reserved
Apr 8, 2019