ID CVE-2010-2772
Summary Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
References
Vulnerable Configurations
  • cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_wincc:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_wincc:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_wincc:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_pcs_7:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_pcs_7:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_pcs_7:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_pcs_7:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_pcs_7:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_pcs_7:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_pcs_7:7.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_pcs_7:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_pcs_7:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_pcs_7:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_pcs_7:7.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_pcs_7:7.1:sp1:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 41753
confirm
misc
secunia 40682
vupen ADV-2010-1893
xf simatic-wincc-default-password(60587)
Last major update 17-08-2017 - 01:32
Published 22-07-2010 - 05:43
Last modified 17-08-2017 - 01:32
Back to Top