Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.00079Percentile:
0.24297
CVSS Scoring
CVSS v3.1 Score: 7.8
Severity: HIGH
Mapped CWE(s)
CWE-798
: Use of Hard-coded Credentials
All CAPEC(s)
CAPEC-191 : Read Sensitive Constants Within an Executable
CAPEC-70 : Try Common or Default Usernames and Passwords
CAPEC(s) with Mapped TTPs
CAPEC-191 : Read Sensitive Constants Within an Executable
Mapped TTPs:
CAPEC-70 : Try Common or Default Usernames and Passwords
Mapped TTPs:
Mapped ATT&CK TTPs
T1552.001
: Credentials In Files
Kill Chain: credential-access
T1078.001
: Default Accounts
Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
Leviathan Australian Intrusions HomeLand Justice
Affected Products
cpe:2.3:a:siemens:simatic_wincc:6.2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_7:6.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_7:6.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_7:7.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_7:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_7:7.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_7:7.1:sp1:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me