CVE-2020-10048
MEDIUMSIMATIC PCS 7 and WinCC < 7.5 SP2 - Improper Authentication via Insecure Password Verification
Title source: llmDescription
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
17.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-287
CWE-288
Status
published
Products (3)
siemens/simatic_pcs_7
siemens/simatic_wincc
7.5 sp1 (3 CPE variants)
siemens/simatic_wincc
< 7.5
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026