ID
VAR-202409-0257
CVE
CVE-2024-35783
TITLE
Siemens SIMATIC SCADA and PCS 7 systems remote code execution vulnerability
Trust: 0.6
DESCRIPTION
A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions < V2020 SP2 Update 5), SIMATIC Process Historian 2022 (All versions < V2022 SP1 Update 2), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges. SIMATIC Information Server is used for reporting and visualization of process data stored in SIMATIC process Historian. SIMATIC Process Historian is a long-term archiving system for SIMATIC PCS 7, SIMATIC WinCC and SIMATIC PCS-neo. It stores process values, alarms and batch data of production plants in its database and provides historical process data for reporting and visualization applications. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Routing Control, OpenPCS 7 and other components. SIMATIC WinCC is a Supervisory Control and Data Acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform for operator control and monitoring of machines and plants. Siemens SIMATIC SCADA and PCS 7 systems have a remote code execution vulnerability
Trust: 1.44
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | simatic process historian | scope: | eq | version: | 2020 | Trust: 0.6 |
| vendor: | siemens | model: | simatic pcs | scope: | eq | version: | 7v9.1 | Trust: 0.6 |
| vendor: | siemens | model: | simatic wincc runtime professional | scope: | eq | version: | v18 | Trust: 0.6 |
| vendor: | siemens | model: | simatic wincc runtime professional | scope: | eq | version: | v19 | Trust: 0.6 |
| vendor: | siemens | model: | simatic wincc | scope: | eq | version: | v7.4 | Trust: 0.6 |
| vendor: | siemens | model: | simatic batch | scope: | eq | version: | v9.1 | Trust: 0.6 |
| vendor: | siemens | model: | simatic wincc update | scope: | eq | version: | v8.0<v8.05 | Trust: 0.6 |
| vendor: | siemens | model: | simatic information server | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | simatic process historian | scope: | eq | version: | 2022 | Trust: 0.6 |
| vendor: | siemens | model: | simatic wincc sp2 update | scope: | eq | version: | v7.5<v7.518 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-250 | Trust: 1.0 |
PATCH
| title: | Patch for Siemens SIMATIC SCADA and PCS 7 systems remote code execution vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/590336 | Trust: 0.6 |
EXTERNAL IDS
| db: | SIEMENS | id: | SSA-629254 | Trust: 1.6 |
| db: | NVD | id: | CVE-2024-35783 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2024-38013 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-629254.html | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2024-38013 |
| db: | NVD | id: | CVE-2024-35783 |
LAST UPDATE DATE
2025-01-14T23:06:55.040000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-38013 | date: | 2024-09-12T00:00:00 |
| db: | NVD | id: | CVE-2024-35783 | date: | 2025-01-14T11:15:15.557 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-38013 | date: | 2024-09-13T00:00:00 |
| db: | NVD | id: | CVE-2024-35783 | date: | 2024-09-10T10:15:09.937 |