PT-2024-4863 · Siemens · SIMATIC PCS 7 +2

Published 2024-07-09 · Updated 2024-11-12 · CVE-2024-30321

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
SIMATIC PCS 7 versions prior to V9.1 SP2 UC05
SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 5
SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2
SIMATIC WinCC V7.4 versions prior to V7.4 SP1 Update 23
SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 17
SIMATIC WinCC V8.0 versions prior to V8.0 Update 5

Description: The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. The vulnerability is related to the incorrect handling of requests, which can provide unauthorized access to protected information.

Recommendations:
SIMATIC PCS 7: update to V9.1 SP2 UC05 or later.
SIMATIC WinCC Runtime Professional V18: update to V18 Update 5 or later.
SIMATIC WinCC Runtime Professional V19: update to V19 Update 2 or later.
SIMATIC WinCC V7.4: update to V7.4 SP1 Update 23 or later.
SIMATIC WinCC V7.5: update to V7.5 SP2 Update 17 or later.
SIMATIC WinCC V8.0: update to V8.0 Update 5 or later.

Related Identifiers

BDU:2024-05387
CVE-2024-30321

Affected Products

SIMATIC PCS 7
SIMATIC WinCC
SIMATIC WinCC Runtime Professional