ID CVE-2019-10922
Summary A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
Vulnerable Configurations
  • cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.3:update13:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update1:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update10:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update11:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update12:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update13:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update2:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update3:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update4:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update5:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update6:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update7:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update8:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update9:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.5.1:update1:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:13:sp2:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:16:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 02-10-2020 - 14:36)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 108398
misc https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf
Last major update 02-10-2020 - 14:36
Published 14-05-2019 - 20:29
Last modified 02-10-2020 - 14:36