CVE-2023-30897

Name of the Vulnerable Software and Affected Versions SIMATIC WinCC versions prior to V7.5.2.13

Description The issue is related to improper permission assignment for a critical resource in the SCADA system. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Recommendations For versions prior to V7.5.2.13, update to version V7.5.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation folder to minimize the risk of exploitation.