Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
615
VMScore

CVE-2010-2772

Published: 22/07/2010 Updated: 13/02/2024
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

siemens simatic wincc 6.2

siemens simatic wincc 7.0

siemens simatic pcs 7 7.1

siemens simatic pcs 7 6.0

siemens simatic pcs 7 6.1

siemens simatic pcs 7 7.0

Github Repositories

https://github.com/rodrigosilvaluz/STUXNET_DEEP_DIVE

    Stuxnet   Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread Its purpose was not just to infect PCs but to cause real-world physical effects Specifically, it targets centrifuges used to produce the enriched uranium that powers nuclear

https://github.com/uraninite/win32-stuxnet

Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs but to cause real-world physical effects. Specifically, it targets centrifuges used to produce the enriched uranium that powers nuclear weapons and r…

    Stuxnet   Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread Its purpose was not just to infect PCs but to cause real-world physical effects Specifically, it targets centrifuges used to produce the enriched uranium that powers nuclear

References

CWE-798http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssrhttp://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspxhttp://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1http://www.wired.com/threatlevel/2010/07/siemens-scada/http://www.f-secure.com/weblog/archives/00001987.htmlhttp://www.vupen.com/english/advisories/2010/1893http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22http://www.securityfocus.com/bid/41753http://secunia.com/advisories/40682http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&chttp://ics-cert.us-cert.gov/advisories/ICSA-12-205-01https://exchange.xforce.ibmcloud.com/vulnerabilities/60587https://nvd.nist.govhttps://github.com/rodrigosilvaluz/STUXNET_DEEP_DIVEhttps://github.com/uraninite/win32-stuxnet
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook