VDB
SSA-883918
SSA-883918
PUBLISHED
CVSS 5.900000095367432 MEDIUM
The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC PCS 7 V9.1 | |
| Siemens | SIMATIC WinCC Runtime Professional V19 | |
| Siemens | SIMATIC WinCC V7.5 | |
| Siemens | SIMATIC WinCC V7.4 | |
| Siemens | SIMATIC WinCC V8.0 | |
| Siemens | SIMATIC WinCC Runtime Professional V18 |
Timeline
- Jul 9, 2024 CVE Published
- Nov 12, 2024 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-883918.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-883918.html advisory
- https://support.industry.siemens.com/cs/ww/en/view/109955792/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109793460/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109812242/ patch