Lucene search

SiemensCVELIST:CVE-2020-10048

HistoryFeb 09, 2021 - 3:38 p.m.

CVE-2020-10048

2021-02-0915:38:17

CWE-288

siemens

www.cve.org

simatic

pcs 7

wincc

vulnerability

password protection

bypass

authentication

insecure password verification

AI Score

5.4

Confidence

High

EPSS

Percentile

12.6%

JSON

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.

CNA Affected

[
  {
    "product": "SIMATIC PCS 7",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.5 SP2"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf