ID

VAR-202407-0441


CVE

CVE-2024-30321


TITLE

Siemens SIMATIC WinCC Information Disclosure Vulnerability (CNVD-2024-32687)

Trust: 0.6

sources: CNVD: CNVD-2024-32687

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. Siemens SIMATIC PCS 7 is a process control system from Siemens, Germany. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operators to control and monitor machines and equipment.

Trust: 1.44

sources: NVD: CVE-2024-30321 // CNVD: CNVD-2024-32687

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-32687

AFFECTED PRODUCTS

vendor: siemens, model: simatic pcs, scope: eq, version: 7v9.1

Trust: 0.6

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: v18

Trust: 0.6

vendor: siemens, model: simatic wincc runtime professional update, scope: eq, version: v19<v192

Trust: 0.6

vendor: siemens, model: simatic wincc sp1 update, scope: eq, version: v7.4<v7.423

Trust: 0.6

vendor: siemens, model: simatic wincc sp2 update, scope: eq, version: v7.5<v7.517

Trust: 0.6

vendor: siemens, model: simatic wincc update, scope: eq, version: v8.0<v8.05

Trust: 0.6

sources: CNVD: CNVD-2024-32687

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-30321
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-32687
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-32687
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-30321
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-32687 // NVD: CVE-2024-30321

PROBLEMTYPE DATA

problemtype:CWE-359

Trust: 1.0

sources: NVD: CVE-2024-30321

PATCH

title: Patch for Siemens SIMATIC WinCC Information Disclosure Vulnerability (CNVD-2024-32687)
url: https://www.cnvd.org.cn/patchInfo/show/569086

Trust: 0.6

sources: CNVD: CNVD-2024-32687

EXTERNAL IDS

db: SIEMENS, id: SSA-883918

Trust: 1.6

db: NVD, id: CVE-2024-30321

Trust: 1.6

db: CNVD, id: CNVD-2024-32687

Trust: 0.6

sources: CNVD: CNVD-2024-32687 // NVD: CVE-2024-30321

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-883918.html

Trust: 1.6

sources: CNVD: CNVD-2024-32687 // NVD: CVE-2024-30321

SOURCES

db: CNVD, id: CNVD-2024-32687
db: NVD, id: CVE-2024-30321

LAST UPDATE DATE

2024-11-12T23:32:30.047000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-32687, date: 2024-07-16T00:00:00
db: NVD, id: CVE-2024-30321, date: 2024-11-12T13:15:07.503

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-32687, date: 2024-07-19T00:00:00
db: NVD, id: CVE-2024-30321, date: 2024-07-09T12:15:11.707