A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP 1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP 2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Jul 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP 1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP 2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode. |
14 Jun 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed. |
01 Jun 2022, 15:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update3:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update6:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_runtime_professional:17:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update7:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update5:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update1:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_7:9.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update2:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update4:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:* |
|
CWE | CWE-1188 | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf - Patch, Vendor Advisory |
20 May 2022, 13:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-20 13:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-24287
Mitre link : CVE-2022-24287
CVE.ORG link : CVE-2022-24287
JSON object : View
Products Affected
siemens
- simatic_pcs_7
- simatic_wincc
- simatic_wincc_runtime_professional
CWE
CWE-1188
Insecure Default Initialization of Resource