PT-2021-9133 · Siemens · Simatic Wincc+1

Published

2021-02-09

Updated

2021-02-11

CVE-2020-10048

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SIMATIC PCS 7 (All versions) SIMATIC WinCC versions prior to V7.5 SP2

Description A security issue has been identified due to an insecure password verification process. This allows an attacker to bypass password protection on protected files, gaining access to the protected content and circumventing authentication.

Recommendations For SIMATIC PCS 7, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SIMATIC WinCC versions prior to V7.5 SP2, update to version V7.5 SP2 or later to resolve the issue.

Improper Authentication

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-288

Related Identifiers

CVE-2020-10048

Affected Products

Simatic Pcs 7

Simatic Wincc

PT-2021-9133 · Siemens · Simatic Wincc+1

CVE-2020-10048

Weakness Enumeration

Related Identifiers

Affected Products

References · 3