CVE-2023-30897

Summary

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.

This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC WinCCAll versions < V7.5.2.13affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References