CVE-2022-24287

A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed.

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf	Patch Vendor Advisory

Configuration 1

cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update1:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp1_update2:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update1:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update2:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update3:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update4:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_7:9.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update5:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_runtime_professional:17:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update6:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:7.5:sp2_update7:*:*:*:*:*:*

---

Published : 2022-05-20 01:15

Updated : 2022-06-14 10:15

---

NVD link : CVE-2022-24287

Mitre link : CVE-2022-24287

No products.

CWE-1188

Insecure Default Initialization of Resource