ICSA-26-174-01
·
Published 2026-06-23
·
View on CISA ICS-CERT ↗
Siemens WinCC Certificate Manager
CVSS 7.1
HIGH
Risk Summary
WinCC Certificate Manager insufficiently protects key material that could allow an attacker to extract sensitive information. Siemens has released a new version for SIMATIC WinCC Unified PC Runtime V21 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
CVEs (1)
Remediations
- The affected product may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with the affected product.
- Currently no fix is planned
- Update to V21 Update 2 or later version
Affected Vendors
Siemens
Affected Products (6)
Siemens
·
SIMATIC WinCC Unified PC Runtime V16
vers:all/*
Siemens
·
SIMATIC WinCC Unified PC Runtime V17
vers:all/*
Siemens
·
SIMATIC WinCC Unified PC Runtime V18
vers:all/*
Siemens
·
SIMATIC WinCC Unified PC Runtime V19
vers:all/*
Siemens
·
SIMATIC WinCC Unified PC Runtime V20
vers:all/*
Siemens
·
SIMATIC WinCC Unified PC Runtime V21
vers:intdot/<21.0.2
Affected Sectors
Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more