CNVD-2022-36387 — Vulnetix

CNVD-2022-36387 PUBLISHED

SIMATIC PCS 7是一套过程控制系统。SIMATIC WinCC是一套自动化的数据采集与监控（SCADA）系统。SIMATIC WinCC Runtime Professional是一个可视化运行平台，用于操作员控制和监控机器和设备。 Siemens SIMATIC WinCC Kiosk Mode存在安全漏洞，如果没有安装打印机，经过身份验证的攻击者可利用漏洞通过在受影响的应用程序中打开打印机对话框来逃脱WinCC Kiosk模式。

Affected Products

Vendor	Product	Versions
	SIEMENS SIMATIC WinCC <=V7.4
	SIEMENS SIMATIC PCS 7 V9.1
	SIEMENS SIMATIC PCS 7 <=V9.0
	Siemens SIMATIC WinCC < V7.5 SP2 Update 8
	SIEMENS SIMATIC WinCC Runtime Professional V17
	SIEMENS SIMATIC WinCC Runtime Professional <=V16

Timeline

May 11, 2022 CVE ID Reserved
May 12, 2022 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-363107.html url

Open in Interactive Console →