8.2
CVE-2024-30321
- EPSS 0.26%
- Veröffentlicht 09.07.2024 12:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellersiemens
≫
Produkt
simatic_pcs_7
Default Statusunknown
Version
9.1
Version <
10
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc
Default Statusunknown
Version
7.4
Version <
7.4_sp1_update_23
Status
affected
Version
7.5
Version <
7.5_sp2_update_17
Status
affected
Version
8.0
Version <
8.0_update_5
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc
Default Statusunknown
Version
7.4
Version <
7.4_sp1_update_23
Status
affected
Version
7.5
Version <
7.5_sp2_update_17
Status
affected
Version
8.0
Version <
8.0_update_5
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc
Default Statusunknown
Version
7.4
Version <
7.4_sp1_update_23
Status
affected
Version
7.5
Version <
7.5_sp2_update_17
Status
affected
Version
8.0
Version <
8.0_update_5
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc_runtime_professional
Default Statusunknown
Version
18
Version <
19
Status
affected
Version
19
Version <
19_update_2
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc_runtime_professional
Default Statusunknown
Version
18
Version <
19
Status
affected
Version
19
Version <
19_update_2
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.492 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 8.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.