⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2010-2772Hard-coded Credentials in Siemens Simatic PCS 7

CWE-798Hard-coded Credentials6 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 46.15%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Siemens Simatic PCS 7Siemens Simatic Wincc
Timeline
PublishedJul 22
Latest updateMay 17

Description

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsiemens/simatic_wincc6.2, 7.0+1
NVDsiemens/simatic_pcs_74 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-q89m-g397-f55p: Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, a2022-05-17
CVEList
CVE-2010-2772: Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, a2010-07-22
VulnCheck
Siemens simatic_wincc Use of Hard-coded Credentials2010

🕵️Threat Intelligence

2
Talos
Rule Release for Today, Thursday July 22nd, 20102010-07-22
Talos
Rule Release for Today, Thursday July 22nd, 20102010-07-22
CVE-2010-2772 — Hard-coded Credentials in Siemens | cvebase