Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-35783

Oct. 8, 2024, 9:15 a.m.

CVSS Score

9.1 / 10

Product(s) Impacted

SIMATIC PCS 7

  • 9.1

SIMATIC BATCH

  • 9.1

SIMATIC Information Server

  • 2020
  • 2022

SIMATIC Process Historian

  • 2020
  • 2022

SIMATIC WinCC Runtime Professional

  • 18
  • 19

SIMATIC WinCC

  • 7.4
  • 7.5
  • 8.0

Description

A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.

Weaknesses

CWE-250
Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE ID: 250

Date

Published: Sept. 10, 2024, 10:15 a.m.

Last Modified: Oct. 8, 2024, 9:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score
9.1
Exploitability Score
2.3
Impact Score
6.0
Base Severity
CRITICAL
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

https://cert-portal.siemens.com/ productcert@siemens.com