CVE-2024-35783
Severity Score
9.4
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-17 CVE Reserved
- 2024-09-10 CVE Published
- 2024-09-10 CVE Updated
- 2024-09-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | SIMATIC BATCH V9.1 Search vendor "Siemens" for product "SIMATIC BATCH V9.1" | 0 Search vendor "Siemens" for product "SIMATIC BATCH V9.1" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC Information Server 2020 Search vendor "Siemens" for product "SIMATIC Information Server 2020" | 0 Search vendor "Siemens" for product "SIMATIC Information Server 2020" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC Information Server 2022 Search vendor "Siemens" for product "SIMATIC Information Server 2022" | 0 Search vendor "Siemens" for product "SIMATIC Information Server 2022" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC PCS 7 V9.1 Search vendor "Siemens" for product "SIMATIC PCS 7 V9.1" | 0 Search vendor "Siemens" for product "SIMATIC PCS 7 V9.1" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC Process Historian 2020 Search vendor "Siemens" for product "SIMATIC Process Historian 2020" | 0 Search vendor "Siemens" for product "SIMATIC Process Historian 2020" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC Process Historian 2022 Search vendor "Siemens" for product "SIMATIC Process Historian 2022" | 0 Search vendor "Siemens" for product "SIMATIC Process Historian 2022" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC WinCC Runtime Professional V18 Search vendor "Siemens" for product "SIMATIC WinCC Runtime Professional V18" | 0 Search vendor "Siemens" for product "SIMATIC WinCC Runtime Professional V18" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC WinCC Runtime Professional V19 Search vendor "Siemens" for product "SIMATIC WinCC Runtime Professional V19" | 0 Search vendor "Siemens" for product "SIMATIC WinCC Runtime Professional V19" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC WinCC V7.4 Search vendor "Siemens" for product "SIMATIC WinCC V7.4" | 0 Search vendor "Siemens" for product "SIMATIC WinCC V7.4" and version "0" | en |
Affected
| ||||||