CVE-2024-35783

CRITICAL

SIMATIC BATCH V9.1, SIMATIC Information Server 2020 <V2020 SP2 Upda...

Title source: llm

Description

A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions < V2020 SP2 Update 5), SIMATIC Process Historian 2022 (All versions < V2022 SP1 Update 2), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-629254.html

Scores

CVSS v3 9.1

EPSS 0.0018

EPSS Percentile 38.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-250

Status published

Products (11)

Siemens/SIMATIC BATCH V9.1

Siemens/SIMATIC Information Server 2020 < V2020 SP2 Update 5

Siemens/SIMATIC Information Server 2022 < V2022 SP1 Update 2

Siemens/SIMATIC PCS 7 V9.1 < V9.1 SP2 UC06

Siemens/SIMATIC Process Historian 2020 < V2020 SP2 Update 5

Siemens/SIMATIC Process Historian 2022 < V2022 SP1 Update 2

Siemens/SIMATIC WinCC Runtime Professional V18 < V18 Update 5

Siemens/SIMATIC WinCC Runtime Professional V19 < V19 Update 3

Siemens/SIMATIC WinCC V7.4

Siemens/SIMATIC WinCC V7.5 < V7.5 SP2 Update 18

... and 1 more

Published Sep 10, 2024

Tracked Since Feb 18, 2026