PT-2019-2105 · Siemens · SIMATIC WinCC +1

Published: 2019-05-14 · Updated: 2020-10-02 · CVE-2019-10922

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC PCS 7 versions 8.0 and earlier
SIMATIC PCS 7 versions 8.1 and newer
SIMATIC WinCC versions 7.2 and earlier
SIMATIC WinCC versions 7.3 and newer

Description

A security issue has been identified that allows an attacker with network access to execute arbitrary code on affected installations configured without "Encrypted Communication". This can be exploited by an unauthenticated attacker with no user interaction required, impacting the confidentiality, integrity, and availability of the device. At the time of publication, no public exploitation of this issue was known.

Recommendations

For SIMATIC PCS 7 versions 8.0 and earlier, consider enabling "Encrypted Communication" to mitigate the risk.
For SIMATIC PCS 7 versions 8.1 and newer, consider enabling "Encrypted Communication" to mitigate the risk.
For SIMATIC WinCC versions 7.2 and earlier, consider enabling "Encrypted Communication" to mitigate the risk.
For SIMATIC WinCC versions 7.3 and newer, consider enabling "Encrypted Communication" to mitigate the risk.
As a temporary workaround, consider restricting network access to affected installations until a fix is available.

Fix

Missing Authentication

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2019-01861
CVE-2019-10922

Affected Products

SIMATIC PCS 7
SIMATIC WinCC