CVE-2020-10048

MEDIUM Year: 2020
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-288
View all →

Vulnerability Description

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.

Related Vulnerabilities

CVE-2020-11005

MEDIUM
CVSS:5.5(Medium)

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing a...

CWE-2882020

CVE-2021-32958

MEDIUM
CVSS:5.5(Medium)

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, su...

CWE-2882021

CVE-2022-23725

MEDIUM
CVSS:5.5(Medium)

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CWE-2882022

CVE-2022-31022

MEDIUM
CVSS:5.5(Medium)

Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s files...

CWE-2882022

CVE-2023-23503

MEDIUM
CVSS:5.5(Medium)

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be abl...

CWE-2882023

CVE-2017-6871

MEDIUM
CVSS:5.4(Medium)

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacke...

CWE-2882017