CVE-2020-10048

2021-02-0915:38:17

CWE-288

siemens

www.cve.org

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.

CNA Affected

[
  {
    "product": "SIMATIC PCS 7",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.5 SP2"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf