Siemens Simatic Pcs 7 8.0 Remote Code Execution Vulnerability

Summary

Siemens Simatic Pcs  is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

 

Credit:

The information has been provided by Vladimir Dashchenko.
The original article can be found at: https://security.netapp.com/advisory/ntap-20190509-0007/


Details

An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication, no public exploitation of this security vulnerability was known.

Vulnerable Systems:

  • Siemens Simatic Pcs 7 8.0
  • Siemens Simatic Pcs 7 8.1
  • Siemens Simatic Pcs 7 8.2
  • Siemens Simatic Pcs 7 9.0
  • Siemens Simatic Wincc 7.2
  • Siemens Simatic Wincc 7.3
  • Siemens Simatic Wincc 7.4
  • Siemens Simatic Wincc 7.5
  • Siemens Simatic Wincc (tia Portal) 13.0
  • Siemens Simatic Wincc (tia Portal) 14.0
  • Siemens Simatic Wincc (tia Portal) 15.0

CVE Information:
CVE-2019-10916

Disclosure Timeline:
Publish Date:05/14/2019