CVE-2022-24287

Published: May 10, 2022

Modified: Apr 21, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.

Vendor	Product	Versions
Siemens	SIMATIC PCS 7 V8.2	affected `All versions`
Siemens	SIMATIC PCS 7 V9.0	affected `All versions < V9.0 SP3 UC06`
Siemens	SIMATIC PCS 7 V9.1	affected `All versions < V9.1 SP1 UC01`
Siemens	SIMATIC WinCC Runtime Professional V16 and earlier	affected `All versions`
Siemens	SIMATIC WinCC Runtime Professional V17	affected `All versions < V17 Upd4`
Siemens	SIMATIC WinCC V7.3	affected `All versions`
Siemens	SIMATIC WinCC V7.4	affected `All versions < V7.4 SP1 Update 21`
Siemens	SIMATIC WinCC V7.5	affected `All versions < V7.5 SP2 Update 8`

Weaknesses (CWE)

CWE-1188

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-24287

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References