| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-10935 |
| CWE-ID | CWE-434 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software | SIMATIC WinCC Professional (Server applications / SCADA systems); SIMATIC PCS 7 (Server applications / SCADA systems); Siemens SIMATIC WinCC (Server applications / SCADA systems); SIMATIC WinCC Runtime Professional (Server applications / SCADA systems) |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU19158
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2019-10935
CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to insufficient validation of file uploads. A remote authenticated user with network access to the WinCC DataMonitor application can upload arbitrary ASPX code to the server.
The vulnerability is relevant only in situations where an attacker has access via the web interface but not to the directory structure.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
SIMATIC WinCC Professional: 13.001 - 15
SIMATIC PCS 7: 8.0 - 9.0
Siemens SIMATIC WinCC: 5.0 - 7.5 Update 2
SIMATIC WinCC Runtime Professional: 13.0 - 15 Update 4
CPE2.3
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf
Q & A
Can this vulnerability be exploited remotely?
How can an attacker exploit this vulnerability?
Is there known malware which exploits this vulnerability?