SSA-629254 — Vulnetix

SSA-629254 PUBLISHED CVSS 9.100000381469727 CRITICAL

The products listed below contain a remote code execution vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS 3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	SIMATIC PCS 7 V9.1
	SIMATIC WinCC Runtime Professional V18
	SIMATIC WinCC V7.4
	SIMATIC Information Server 2020
	SIMATIC WinCC Runtime Professional V19
	SIMATIC WinCC V8.0
	SIMATIC Process Historian 2020
	SIMATIC Process Historian 2022
	SIMATIC WinCC V7.5
	SIMATIC Information Server 2022
	SIMATIC BATCH V9.1

Exploit Intelligence

https://cert-portal.siemens.com/productcert/html/ssa-629254.html (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-629254.json (circl)
https://support.industry.siemens.com/cs/ww/en/view/109793460/ (circl)
https://support.industry.siemens.com/cs/ww/en/view/109812242/ (circl)

Timeline

Sep 10, 2024 CVE Published
Jan 14, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/html/ssa-629254.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-629254.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109793460/ fix
https://support.industry.siemens.com/cs/ww/en/view/109812242/ fix

Open in Interactive Console →