7.2
CVE-2019-10935
- EPSS 0.54%
- Published 11.07.2019 22:15:11
- Last modified 21.11.2024 04:20:11
- Source productcert@siemens.com
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows the upload of arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory, no public exploitation is known.
Data provided by the National Vulnerability Database (NVD)
Siemens ≫ Simatic Pcs 7, Version: 8.0
Siemens ≫ Simatic Pcs 7, Version: 8.1
Siemens ≫ Simatic Pcs 7, Version: 8.2
Siemens ≫ Simatic Pcs 7, Version: 9.0
Siemens ≫ Simatic Wincc, Version: <= 7.2
Siemens ≫ Simatic Wincc, Version: 7.3, Update: -
Siemens ≫ Simatic Wincc, Version: 7.3, Update: update_1
Siemens ≫ Simatic Wincc, Version: 7.3, Update: update_10
Siemens ≫ Simatic Wincc, Version: 7.3, Update: update_11
Siemens ≫ Simatic Wincc, Version: 7.3, Update: update_13
Siemens ≫ Simatic Wincc, Version: 7.3, Update: update_4
Siemens ≫ Simatic Wincc, Version: 7.4, Update: -
Siemens ≫ Simatic Wincc, Version: 7.4, Update: sp1
Siemens ≫ Simatic Wincc, Version: 7.4, Update: update_1
Siemens ≫ Simatic Wincc, Version: 7.5
Siemens ≫ Simatic Wincc, Version: 13, Update: -, SwEdition: professional
Siemens ≫ Simatic Wincc, Version: 13, Update: sp2, SwEdition: professional
Siemens ≫ Simatic Wincc, Version: 14, SwEdition: professional
Siemens ≫ Simatic Wincc, Version: 14, Update: -, SwEdition: professional
Siemens ≫ Simatic Wincc, Version: 14, Update: sp1, SwEdition: professional
Siemens ≫ Simatic Wincc, Version: 15, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 13, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 13, Update: -, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 13, Update: sp1, Edition: update_2, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 13, Update: sp1, Edition: update_9, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 13, Update: sp2, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 14, Update: -, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 14, Update: sp1, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 15, Update: -, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 15, Update: update_4, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 15.1, Update: -, SwEdition: professional
Siemens ≫ Simatic Wincc Runtime, Version: 15.1, Update: update_1, SwEdition: professional
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.54% | 0.651 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.