Description
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Siemens / SIMATIC WinCC Unified PC Runtime V160 – *
- Siemens / SIMATIC WinCC Unified PC Runtime V170 – *
- Siemens / SIMATIC WinCC Unified PC Runtime V180 – *
- Siemens / SIMATIC WinCC Unified PC Runtime V190 – *
- Siemens / SIMATIC WinCC Unified PC Runtime V200 – *
- Siemens / SIMATIC WinCC Unified PC Runtime V210 – V21 Update 2