Vulnerabilities > CVE-2019-10922 - Unspecified vulnerability in Siemens Simatic PCS 7 and Simatic Wincc

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

critical

NVD

Published: 2019-05-14

Updated: 2020-10-02

Summary

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic PCS 7 - Siemens Simatic PCS 7 6.0 Siemens Simatic PCS 7 6.1 Siemens Simatic PCS 7 7.0 Siemens Simatic PCS 7 7.1 Siemens Simatic PCS 7 8.0 Siemens Simatic PCS 7 8.1 Siemens Simatic PCS 7 8.2 Siemens Simatic PCS 7 9.0 Siemens Simatic PCS 7 9.1 Siemens Simatic Wincc - Siemens Simatic Wincc 6.2 Siemens Simatic Wincc 7.0 Siemens Simatic Wincc 7.1 Siemens Simatic Wincc 7.3 Siemens Simatic Wincc 7.4 Siemens Simatic Wincc 7.5 Siemens Simatic Wincc 7.5.1 Siemens Simatic Wincc 13 Siemens Simatic Wincc 14 Siemens Simatic Wincc 14.0.1 Siemens Simatic Wincc 15 Siemens Simatic Wincc 15.1 Siemens Simatic Wincc 16 Siemens Simatic Wincc 17	97

Summary

Vulnerable Configurations

References