⚠ Actively exploited
Added to CISA KEV on 2022-09-15. Federal agencies required to patch by 2022-10-06. Required action: Apply updates per vendor instructions.

CVE-2010-2568: Improper Input Validation in Microsoft Windows Server 2008

Severity: 7.8 HIGH (NVD)
EPSS: 92.1% (top 0.29%)
CISA KEV: Added 2022-09-15, due 2022-10-06
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Jul 22; KEV added Sep 15; KEV due Oct 6; Latest update Jul 2

Description

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: siemens/simatic_wincc 6.2, 7.0 (+1)
NVD: siemens/simatic_pcs_7 4 versions (+3)

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-q89m-g397-f55p: Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, a (2022-05-17)
GHSA: GHSA-6j7w-pxhr-g4pr: Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote atta (2022-05-14)
VulnCheck: Siemens simatic_wincc Use of Hard-coded Credentials (2010)
VulnCheck: Microsoft Windows Remote Code Execution Vulnerability (2010)

💥 Exploits & PoCs (5)

Exploit-DB: Microsoft Windows - Shell LNK Code Execution (MS10-046) (Metasploit) (2010-09-21)
Exploit-DB: Microsoft Windows - Automatic .LNK Shortcut File Code Execution (2010-07-18)
Metasploit: FannyBMP or DementiaWheel Detection Registry Check
Metasploit: Microsoft Windows Shell LNK Code Execution
Metasploit: Microsoft Windows Shell LNK Code Execution

🔍 Detection Rules (1)

Suricata: ET MALWARE Stuxnet index.php (2010-09-28)

📋 Vendor Advisories (2)

CISA: Microsoft Windows Remote Code Execution Vulnerability (2022-09-15)
CISA ICS: USB Malware Targeting Siemens Control Software (Update C) (2014-01-08)

🕵️ Threat Intelligence (21)

Unit42: Windows Shortcut (LNK) Malware Strategies (2025-07-02)
Unit42: Windows Shortcut (LNK) Malware Strategies (2025-07-02)
Tenable: From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25 (2024-10-22)
Securelist: Threats to users of adult websites in 2018 (2019-02-21)
Securelist: Threats to users of adult websites in 2018 (2019-02-21)

📄 Research Papers (1)

CTF: Syskron Security CTF / README (2019)