← Back to home
SIEMENS-SSA-883918  ·  Published 2024-11-12  ·  View on Siemens ProductCERT ↗

SSA-883918 V1.2 (Last Update: 2024-11-12): Information Disclosure Vulnerability in SIMATIC WinCC

CVSS N/A MEDIUM

Risk Summary

<p>Multiple versions of SIMATIC WinCC and SIMATIC PCS 7 do not properly handle certain requests to their web application (WinCC WebNavigator, PCS 7 Web Server, and PCS 7 Web Diagnostics Server), which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.</p> <p>Siemens has released new versions for the affected products and recommends to update to the latest versions.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-883918 V1.2 (Last Update: 2024-11-12): Information Disclosure Vulnerability in SIMATIC WinCC See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more