Rewterz Threat Advisory – CVE-2019-10922 – Siemens SIMATIC WinCC and SIMATIC PCS 7 Remote Code Execution Vulnerability

May 15, 2019

Severity

High

Analysis Summary

If affected installations do not have “Encrypted Communication” configured, an unauthenticated attacker with network access may be able to execute arbitrary code.

Impact

Execution of arbitrary code

Affected Vendors

Siemens

Affected Products

SIMATIC WinCC
SIMATIC PCS 7
SIMATIC PCS 7 v8.0 and earlier
SIMATIC PCS 7 v8.1 and newer (if “Encrypted Communication” is disabled)
SIMATIC WinCC v7.2 and earlier
SIMATIC WinCC v7.3 and newer (if “Encrypted Communication” is disabled)

Remediation

Upgrade SIMATIC WinCC to v7.3 or newer.
Upgrade SIMATIC PCS 7 to v8.1 or newer.
Enable “Encrypted Communications” (some newer versions have this enabled by default).

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Bitter APT – Active IOCs

Google Chrome 0-Day Vulnerability Actively Exploited – Immediate Update

Multiple Microsoft Windows Products Zero-Day Vulnerabilities Exploit in the Wild

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Middle East Expected to See a Series of Cyber Attacks Disrupting Industrial Processes

Rewterz Threat Advisory – CVE-2019-6574 – Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network Denial of Service Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.