CVE-2022-24287

Summary

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC PCS 7 V8.2All versionsaffected
SiemensSIMATIC PCS 7 V9.0All versions < V9.0 SP3 UC06affected
SiemensSIMATIC PCS 7 V9.1All versions < V9.1 SP1 UC01affected
SiemensSIMATIC WinCC Runtime Professional V16 and earlierAll versionsaffected
SiemensSIMATIC WinCC Runtime Professional V17All versions < V17 Upd4affected
SiemensSIMATIC WinCC V7.3All versionsaffected
SiemensSIMATIC WinCC V7.4All versions < V7.4 SP1 Update 21affected
SiemensSIMATIC WinCC V7.5All versions < V7.5 SP2 Update 8affected

Weaknesses

  • CWE-1188: CWE-1188: Insecure Default Initialization of Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References