CVE-2024-30321

CWE-3593 documents3 sources
Severity
8.2HIGH
EPSS
0.3%
top 50.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Siemens Simatic PCS 7 V9.1Siemens Simatic Wincc Runtime Professional V18Siemens Simatic Wincc Runtime Professional V19+3 more
Timeline
PublishedJul 9

Description

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to t

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages6 packages

CVEListV5siemens/simatic_wincc_v7.4< V7.4 SP1 Update 23
CVEListV5siemens/simatic_wincc_v7.5< V7.5 SP2 Update 17
CVEListV5siemens/simatic_wincc_v8.0< V8.0 Update 5

🔴Vulnerability Details

2
GHSA
GHSA-x843-fv8x-w437: A vulnerability has been identified in SIMATIC PCS 7 V92024-07-09
CVEList
CVE-2024-30321: A vulnerability has been identified in SIMATIC PCS 7 V92024-07-09
CVE-2024-30321 (HIGH CVSS 8.2) | A vulnerability has been identified | cvebase.io