8.2
CVE-2024-30321
- EPSS 0.19%
- Veröffentlicht 09.07.2024 12:15:11
- Zuletzt bearbeitet 21.11.2024 09:11:41
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellersiemens
≫
Produkt
simatic_pcs_7
Default Statusunknown
Version <
10
Version
9.1
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc
Default Statusunknown
Version <
7.4_sp1_update_23
Version
7.4
Status
affected
Version <
7.5_sp2_update_17
Version
7.5
Status
affected
Version <
8.0_update_5
Version
8.0
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc
Default Statusunknown
Version <
7.4_sp1_update_23
Version
7.4
Status
affected
Version <
7.5_sp2_update_17
Version
7.5
Status
affected
Version <
8.0_update_5
Version
8.0
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc
Default Statusunknown
Version <
7.4_sp1_update_23
Version
7.4
Status
affected
Version <
7.5_sp2_update_17
Version
7.5
Status
affected
Version <
8.0_update_5
Version
8.0
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc_runtime_professional
Default Statusunknown
Version <
19
Version
18
Status
affected
Version <
19_update_2
Version
19
Status
affected
Herstellersiemens
≫
Produkt
simatic_wincc_runtime_professional
Default Statusunknown
Version <
19
Version
18
Status
affected
Version <
19_update_2
Version
19
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.414 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 8.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.