CVE-2019-10918

CWE-7493 documents3 sources

Severity

8.8HIGH

EPSS

0.4%

top 40.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PCS 7 Siemens Simatic Wincc Siemens AG Simatic PCS 7 V8.0 AND Earlier +14 more

Timeline

PublishedMay 14

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages17 packages

▶CVEListV5siemens_ag/simatic_wincc_runtime_professional_v13All versions

▶CVEListV5siemens_ag/simatic_wincc_runtime_professional_v14All versions < V14.1 Upd 8

▶CVEListV5siemens_ag/simatic_wincc_runtime_professional_v15All versions < V15.1 Upd 3

▶NVDsiemens/simatic_wincc_\(tia_portal\)13.0, 14.0, 15.0+2

▶CVEListV5siemens_ag/simatic_wincc_(tia_portal)_v13All versions

🔴Vulnerability Details

GHSA

GHSA-vw33-cr89-4v6m: A vulnerability has been identified in SIMATIC PCS 7 V8↗2022-05-24

▶

CVEList

CVE-2019-10918: A vulnerability has been identified in SIMATIC PCS 7 V8↗2019-05-14

▶