Arbitrary Code Execution Vulnerability in Siemens SIMATIC Products
CVE-2019-10922

9.8CRITICAL

Key Information:

Vendor: Siemens Ag
Status: Simatic Pcs 7 V8.0 And Earlier; Simatic Pcs 7 V8.1 And Newer; Simatic Wincc V7.2 And Earlier; Simatic Wincc V7.3 And Newer
Vendor: CVE Published:; 14 May 2019

What is CVE-2019-10922?

An identified vulnerability in Siemens SIMATIC PCS 7 and WinCC products allows an attacker with network access to execute arbitrary code on affected systems. This particularly impacts installations not configured for encrypted communication, enabling unauthorized, unauthenticated access that potentially compromises the integrity, confidentiality, and availability of the device. Mitigations should be implemented to secure affected installations from this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SIMATIC PCS 7 V8.0 and earlier All versions

SIMATIC PCS 7 V8.1 and newer All versions

SIMATIC WinCC V7.2 and earlier All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-70551...

x_refsource_MISC

http://www.securityfocus.com/bid/108398

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2019
Vulnerability Reserved
Apr 8, 2019

JSON

Siemens Ag

What is CVE-2019-10922?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.