VDB
ICSA-24-256-14
PUBLISHED
CVSS 9.1 CRITICAL
The products listed below contain a remote code execution vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet, available.
Risk Scores
CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SIMATIC Process Historian 2020 | |
| | SIMATIC Process Historian 2022 | |
| | SIMATIC PCS 7 V9.1 | |
| | SIMATIC WinCC V7.5 | |
| | SIMATIC WinCC V8.0 | |
| | SIMATIC WinCC Runtime Professional V19 | |
| | SIMATIC WinCC Runtime Professional V18 | |
| | SIMATIC Information Server 2022 | |
| | SIMATIC BATCH V9.1 | |
| | SIMATIC WinCC V7.4 | |
| | SIMATIC Information Server 2020 | |
Timeline
- Sep 10, 2024 CVE Published
- Jan 14, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-629254.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-629254.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-14.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-14 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109793460/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109812242/ fix