CVE-2023-30897
published 2023-06-13CVE-2023-30897: A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_wincc | — | — |
| siemens | wincc | < 7.5.2.13 | 7.5.2.13 |