vulnerability bulletin CVE-2010-2772
Siemens SIMATIC WinCC, PCS7: access to the SQL database
Synthesis of the vulnerability
The password of the SIMATIC WinCC database is pre-defined and cannot be changed, so an attacker can log in.Impacted products:
CERTA-2012-AVI-402, CVE-2010-2772, SSA-027884, VIGILANCE-VUL-11793.
Description of the vulnerability
The SIMATIC WinCC product uses a SQL database.
However, the password to this database is pre-defined and cannot be changed.
An attacker who knows the login/password can therefore log in, and access to data.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a computers vulnerabilities patch
. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.