Description
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Siemens / SIMATIC PCS 7 V8.2All versions – All versions
- Siemens / SIMATIC PCS 7 V9.0All versions < V9.0 SP3 UC06 – All versions < V9.0 SP3 UC06
- Siemens / SIMATIC PCS 7 V9.1All versions < V9.1 SP1 UC01 – All versions < V9.1 SP1 UC01
- Siemens / SIMATIC WinCC Runtime Professional V16 and earlierAll versions – All versions
- Siemens / SIMATIC WinCC Runtime Professional V17All versions < V17 Upd4 – All versions < V17 Upd4
- Siemens / SIMATIC WinCC V7.3All versions – All versions
- Siemens / SIMATIC WinCC V7.4All versions < V7.4 SP1 Update 21 – All versions < V7.4 SP1 Update 21
- Siemens / SIMATIC WinCC V7.5All versions < V7.5 SP2 Update 8 – All versions < V7.5 SP2 Update 8