// For flags

CVE-2024-35783

 

Severity Score

9.4
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.

A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
High
Integrity
High
High
Availability
High
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-05-17 CVE Reserved
  • 2024-09-10 CVE Published
  • 2024-09-11 EPSS Updated
  • 2024-11-12 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-250: Execution with Unnecessary Privileges
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
 SIMATIC BATCH V9.1
Search vendor "Siemens" for product "SIMATIC BATCH V9.1"
 0
Search vendor "Siemens" for product "SIMATIC BATCH V9.1" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
 SIMATIC Information Server 2020
Search vendor "Siemens" for product "SIMATIC Information Server 2020"
 0
Search vendor "Siemens" for product "SIMATIC Information Server 2020" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
 SIMATIC Information Server 2022
Search vendor "Siemens" for product "SIMATIC Information Server 2022"
 0
Search vendor "Siemens" for product "SIMATIC Information Server 2022" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
 SIMATIC Process Historian 2020
Search vendor "Siemens" for product "SIMATIC Process Historian 2020"
 0
Search vendor "Siemens" for product "SIMATIC Process Historian 2020" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
 SIMATIC Process Historian 2022
Search vendor "Siemens" for product "SIMATIC Process Historian 2022"
 0
Search vendor "Siemens" for product "SIMATIC Process Historian 2022" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
 SIMATIC WinCC V7.4
Search vendor "Siemens" for product "SIMATIC WinCC V7.4"
 0
Search vendor "Siemens" for product "SIMATIC WinCC V7.4" and version "0"
en
Affected