CVE-2010-2772
moderate-risk
Published 2010-07-22
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
Do I need to act?
0.31% chance of exploitation
EPSS score: low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10
High
LOCAL / LOW complexity
Affected Products (8)
Affected Vendors
References (28)
Third Party Advisory
http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01
Press/Media Coverage
http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-...
Press/Media Coverage
http://infoworld.com/d/security-central/siemens-warns-users-dont-change-password...
Press/Media Coverage
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
Broken Link
http://secunia.com/advisories/40682
Third Party Advisory
http://www.f-secure.com/weblog/archives/00001987.html
Broken Link
http://www.securityfocus.com/bid/41753
Press/Media Coverage
http://www.wired.com/threatlevel/2010/07/siemens-scada/
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60587
and 8 more references
39 / 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
14/34 · Moderate