Vulnerability Name:

CVE-2010-2772 (CCN-60587)

Assigned:2010-07-22
Published:2010-07-22
Updated:2017-08-17
Summary:Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
CVSS v3 Severity:6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.8 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P)
4.9 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-255
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-2772

Source: MISC
Type: UNKNOWN
http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01

Source: MISC
Type: UNKNOWN
http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725

Source: MISC
Type: UNKNOWN
http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr

Source: MISC
Type: UNKNOWN
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/

Source: CCN
Type: SA40682
Siemens SIMATIC WinCC Undocumented Database User Account

Source: SECUNIA
Type: UNKNOWN
40682

Source: CCN
Type: Siemens Web Site
SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan

Source: CONFIRM
Type: UNKNOWN
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c

Source: MISC
Type: UNKNOWN
http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1

Source: MISC
Type: UNKNOWN
http://www.f-secure.com/weblog/archives/00001987.html

Source: CCN
Type: OSVDB ID: 66441
Siemens SIMATIC WinCC Default Password

Source: CONFIRM
Type: Vendor Advisory
http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx

Source: BID
Type: UNKNOWN
41753

Source: CCN
Type: BID-41753
Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2010-1893

Source: MISC
Type: UNKNOWN
http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22

Source: MISC
Type: UNKNOWN
http://www.wired.com/threatlevel/2010/07/siemens-scada/

Source: XF
Type: UNKNOWN
simatic-wincc-default-password(60587)

Source: XF
Type: UNKNOWN
simatic-wincc-default-password(60587)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_wincc:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_wincc:7.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.1:sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:siemens:simatic_wincc:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_wincc:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:7.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    siemens simatic wincc *
    siemens simatic wincc 6.2
    siemens simatic wincc 7.0
    siemens simatic pcs 7 *
    siemens simatic pcs 7 6.0
    siemens simatic pcs 7 6.1
    siemens simatic pcs 7 7.0
    siemens simatic pcs 7 7.0 sp1
    siemens simatic pcs 7 7.1
    siemens simatic pcs 7 7.1 sp1
    siemens simatic wincc 6.2
    siemens simatic wincc 7.0
    siemens simatic wincc *
    siemens simatic pcs 7 7.0
    siemens simatic pcs 7 7.0 sp1
    siemens simatic pcs 7 7.1
    siemens simatic pcs 7 7.1 sp1
    siemens simatic pcs 7 6.1
    siemens simatic pcs 7 6.0
    siemens simatic pcs 7 *