Lucene search

SiemensCVE-2019-10918

HistoryMay 14, 2019 - 8:29 p.m.

CVE-2019-10918

2019-05-1420:29:02

CWE-749

siemens

web.nvd.nist.gov

cve-2019-10918

simatic pcs 7

wincc

remote code execution

dcom interface

security vulnerability

nvd

confidentiality

integrity

availability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected configurations

Nvd

Node

siemenssimatic_pcs_7Range≤8.0

siemenssimatic_pcs_7Match8.1

siemenssimatic_pcs_7Match8.2

siemenssimatic_pcs_7Match9.0

siemenssimatic_winccRange≤7.2

siemenssimatic_winccMatch7.3

siemenssimatic_winccMatch7.4

siemenssimatic_winccMatch7.5

siemenssimatic_wincc_\(tia_portal\)Match13.0

siemenssimatic_wincc_\(tia_portal\)Match14.0

siemenssimatic_wincc_\(tia_portal\)Match15.0

siemenssimatic_wincc_runtime_professional

VendorProductVersionCPE
siemenssimatic_pcs_7*cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
siemenssimatic_pcs_78.1cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*
siemenssimatic_pcs_78.2cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*
siemenssimatic_pcs_79.0cpe:2.3:a:siemens:simatic_pcs_7:9.0:*:*:*:*:*:*:*
siemenssimatic_wincc*cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
siemenssimatic_wincc7.3cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*
siemenssimatic_wincc7.4cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*
siemenssimatic_wincc7.5cpe:2.3:a:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*
siemenssimatic_wincc_\(tia_portal\)13.0cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13.0:*:*:*:*:*:*:*
siemenssimatic_wincc_\(tia_portal\)14.0cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):14.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_pcs_7	*	cpe:2.3:a:siemens:simatic_pcs_7::::::::
siemens	simatic_pcs_7	8.1	cpe:2.3:a:siemens:simatic_pcs_7:8.1:::::::*
siemens	simatic_pcs_7	8.2	cpe:2.3:a:siemens:simatic_pcs_7:8.2:::::::*
siemens	simatic_pcs_7	9.0	cpe:2.3:a:siemens:simatic_pcs_7:9.0:::::::*
siemens	simatic_wincc	*	cpe:2.3:a:siemens:simatic_wincc::::::::
siemens	simatic_wincc	7.3	cpe:2.3:a:siemens:simatic_wincc:7.3:::::::*
siemens	simatic_wincc	7.4	cpe:2.3:a:siemens:simatic_wincc:7.4:::::::*
siemens	simatic_wincc	7.5	cpe:2.3:a:siemens:simatic_wincc:7.5:::::::*
siemens	simatic_wincc_\(tia_portal\)	13.0	cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13.0:::::::*
siemens	simatic_wincc_\(tia_portal\)	14.0	cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):14.0:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "SIMATIC PCS 7 V8.0 and earlier",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC PCS 7 V8.1",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.1 with WinCC V7.3 Upd 19"
      }
    ]
  },
  {
    "product": "SIMATIC PCS 7 V8.2",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
      }
    ]
  },
  {
    "product": "SIMATIC PCS 7 V9.0",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC (TIA Portal) V13",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC (TIA Portal) V14",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V14 SP1 Upd 9"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC (TIA Portal) V15",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Upd 3"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Professional V13",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Professional V14",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V14.1 Upd 8"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Professional V15",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Upd 3"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC V7.2 and earlier",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC V7.3",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.3 Upd 19"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC V7.4",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.4 SP1 Upd 11"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC V7.5",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.5 Upd 3"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf

www.us-cert.gov/ics/advisories/ICSA-19-134-08

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for CVE-2019-10918