Details of VAR-202407-0441

ID

VAR-202407-0441

CVE

CVE-2024-30321

TITLE

Siemens SIMATIC WinCC Information Disclosure Vulnerability (CNVD-2024-32687)

Trust: 0.6

sources: CNVD: CNVD-2024-32687

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. Siemens SIMATIC PCS 7 is a process control system from Siemens, Germany. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operators to control and monitor machines and equipment

Trust: 1.44

sources: NVD: CVE-2024-30321 // CNVD: CNVD-2024-32687

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-32687

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic pcs	scope:	eq	version:	7v9.1	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	v18	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional update	scope:	eq	version:	v19<v192	Trust: 0.6
vendor:	siemens	model:	simatic wincc sp1 update	scope:	eq	version:	v7.4<v7.423	Trust: 0.6
vendor:	siemens	model:	simatic wincc sp2 update	scope:	eq	version:	v7.5<v7.517	Trust: 0.6
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	v8.0<v8.05	Trust: 0.6

sources: CNVD: CNVD-2024-32687

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-30321
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-32687
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-32687
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-30321
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-32687 // NVD: CVE-2024-30321

PROBLEMTYPE DATA

problemtype:

CWE-359

Trust: 1.0

sources: NVD: CVE-2024-30321

PATCH

title:

Patch for Siemens SIMATIC WinCC Information Disclosure Vulnerability (CNVD-2024-32687)

url:

https://www.cnvd.org.cn/patchInfo/show/569086

Trust: 0.6

sources: CNVD: CNVD-2024-32687

EXTERNAL IDS

db:	SIEMENS	id:	SSA-883918	Trust: 1.6
db:	NVD	id:	CVE-2024-30321	Trust: 1.6
db:	CNVD	id:	CNVD-2024-32687	Trust: 0.6

sources: CNVD: CNVD-2024-32687 // NVD: CVE-2024-30321

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-883918.html

Trust: 1.6

sources: CNVD: CNVD-2024-32687 // NVD: CVE-2024-30321

SOURCES

db:	CNVD	id:	CNVD-2024-32687
db:	NVD	id:	CVE-2024-30321

LAST UPDATE DATE

2024-08-14T14:48:24.839000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-32687	date:	2024-07-16T00:00:00
db:	NVD	id:	CVE-2024-30321	date:	2024-07-09T18:19:14.047

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-32687	date:	2024-07-19T00:00:00
db:	NVD	id:	CVE-2024-30321	date:	2024-07-09T12:15:11.707