CVE-2019-10935

CWE-434Unrestricted File Upload3 documents3 sources
Severity
7.2HIGH
EPSS
0.5%
top 33.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Siemens Simatic WinccSiemens AG Simatic PCS 7 V8.0 AND EarlierSiemens AG Simatic PCS 7 V8.1+14 more
Timeline
PublishedJul 11
Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Up

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages17 packages

CVEListV5siemens_ag/simatic_wincc_runtime_professional_v14All versions < V14.1 Upd 8
CVEListV5siemens_ag/simatic_wincc_runtime_professional_v15All versions < V15.1 Upd 3
CVEListV5siemens_ag/simatic_wincc_professional_(tia_portal_v14)All versions < V14 SP1 Upd 9

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-3hg6-vvm5-64f6: A vulnerability has been identified in SIMATIC PCS 7 V82022-05-24
CVEList
CVE-2019-10935: A vulnerability has been identified in SIMATIC PCS 7 V82019-07-11