CVE-2019-10922

CWE-306 — Missing Authentication3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.3%

top 20.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PCS 7 Siemens Simatic Wincc Siemens AG Simatic PCS 7 V8.0 AND Earlier +3 more

Timeline

PublishedMay 14

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5siemens_ag/simatic_wincc_v7.3_and_newerAll versions

▶CVEListV5siemens_ag/simatic_wincc_v7.2_and_earlierAll versions

▶NVDsiemens/simatic_wincc7.2+1

▶CVEListV5siemens_ag/simatic_pcs_7_v8.1_and_newerAll versions

▶CVEListV5siemens_ag/simatic_pcs_7_v8.0_and_earlierAll versions

🔴Vulnerability Details

GHSA

GHSA-6j2f-925p-c58v: A vulnerability has been identified in SIMATIC PCS 7 V8↗2022-05-24

▶

CVEList

CVE-2019-10922: A vulnerability has been identified in SIMATIC PCS 7 V8↗2019-05-14

▶