Insecure Password Verification Allows Unauthorized Access to Protected Files in SIMATIC PCS 7 and SIMATIC WinCC

Insecure Password Verification Allows Unauthorized Access to Protected Files in SIMATIC PCS 7 and SIMATIC WinCC

CVE-2020-10048 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.

Learn more about our Web Application Penetration Testing UK.