CVE-2022-24287

moderate-risk
Published 2022-05-20

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (17)

Simatic Wincc Runtime Professional
Simatic Wincc Runtime Professional

Affected Vendors

Siemens

References (2)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf
43
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 19/34 · Moderate