Vulnerability in Siemens Simatic Pcs 7

CVE-2020-10048

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus b…

EPSS: 0.001 (18.2th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic Pcs 7 — versions All versions
Siemens Simatic Wincc — versions All versions < V7.5 SP2

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf (x_refsource_MISC)