CVE-2020-10048

EPSS 0.06%
Veröffentlicht 09.02.2021 17:15:13
Zuletzt bearbeitet 21.11.2024 04:54:42
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Simatic Pcs 7

Siemens ≫ Simatic Wincc Version < 7.5

Siemens ≫ Simatic Wincc Version7.5 Updatesp1

Siemens ≫ Simatic Wincc Version7.5 Updatesp1_update1

Siemens ≫ Simatic Wincc Version7.5 Updatesp1_update2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-10048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10048

EUVD