← back
CVE-2020-10048

CVE-2020-10048

EPSS 0.3%CWE-288
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.
Affected products
Siemens · SIMATIC PCS 7Siemens · SIMATIC WinCC

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf