CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-10922

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile34.98th
Published2019年5月14日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected Platforms (CPE)

📦
Siemens

Simatic Pcs 7

<= 8.0
📦
Siemens

Simatic Pcs 7

>= 8.1
📦
Siemens

Simatic Wincc

<= 7.2
📦
Siemens

Simatic Wincc

>= 7.3

References & Advisories

🔗 http://www.securityfocus.com/bid/108398
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf
🔗 http://www.securityfocus.com/bid/108398
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf

関連する脆弱性情報

CVE-2014-855110.0

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through...

CVE-2021-403589.9

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMAT...

CVE-2025-407959.8

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V...

CVE-2016-57439.8

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATI...