CVE-2020-10048 Vulnerability Details

  /     /     /  

CVE-2020-10048 Metadata Quick Info

CVE Published: 09/02/2021 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: siemens | Vendor: Siemens | Product: SIMATIC PCS 7
Status : PUBLISHED

---

CVE-2020-10048 Description

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-288
CWE Name: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Source: Siemens

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).