Arbitrary file upload in Siemens products - CVE-2019-10935
Published: July 12, 2019
Vulnerability identifier: #VU19158
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-10935
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SIMATIC WinCC Professional
SIMATIC PCS 7
Siemens SIMATIC WinCC
SIMATIC WinCC Runtime Professional
SIMATIC WinCC Professional
SIMATIC PCS 7
Siemens SIMATIC WinCC
SIMATIC WinCC Runtime Professional
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file uploads. A remote authenticated user with network access to the WinCC DataMonitor application can upload arbitrary ASPX code on the server.
The vulnerability is relevant only in situations where an attacker has access via the web interface but not to the directory structure.
How to mitigate CVE-2019-10935
Install updates from vendor's website.