CVE-2019-10918

Summary

CVE	CVE-2019-10918
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-05-14 20:29:00 UTC
Updated	2021-10-28 13:37:00 UTC
Description	A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Siemens	Simatic Pcs 7	8.1	All	All	All
Application	Siemens	Simatic Pcs 7	8.2	All	All	All
Application	Siemens	Simatic Pcs 7	9.0	All	All	All
Application	Siemens	Simatic Pcs 7	8.1	All	All	All
Application	Siemens	Simatic Pcs 7	8.2	All	All	All
Application	Siemens	Simatic Pcs 7	9.0	All	All	All
Application	Siemens	Simatic Pcs 7	All	All	All	All
Application	Siemens	Simatic Wincc	7.3	All	All	All
Application	Siemens	Simatic Wincc	7.4	All	All	All
Application	Siemens	Simatic Wincc	7.5	All	All	All
Application	Siemens	Simatic Wincc	7.3	All	All	All
Application	Siemens	Simatic Wincc	7.4	All	All	All
Application	Siemens	Simatic Wincc	7.5	All	All	All
Application	Siemens	Simatic Wincc	All	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	13.0	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	14.0	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	15.0	All	All	All
Application	Siemens	Simatic Wincc Runtime Professional	All	All	All	All
Application	Siemens	Simatic Wincc Runtime Professional	All	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	13.0	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	14.0	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	15.0	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	13.0	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	14.0	All	All	All
Application	Siemens	Simatic Wincc Tia Portal	15.0	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf	MISC	cert-portal.siemens.com	Vendor Advisory
Siemens SIMATIC PCS7, WinCC, TIA Portal (Update D) \| CISA	MISC	www.us-cert.gov
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.