Vulnerability Details CVE-2022-24287
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2022-24287
-
cpe:2.3:a:siemens:simatic_pcs_7:-
-
cpe:2.3:a:siemens:simatic_pcs_7:6.0
-
cpe:2.3:a:siemens:simatic_pcs_7:6.1
-
cpe:2.3:a:siemens:simatic_pcs_7:7.0
-
cpe:2.3:a:siemens:simatic_pcs_7:7.1
-
cpe:2.3:a:siemens:simatic_pcs_7:8.0
-
cpe:2.3:a:siemens:simatic_pcs_7:8.1
-
cpe:2.3:a:siemens:simatic_pcs_7:8.2
-
cpe:2.3:a:siemens:simatic_pcs_7:9.0
-
cpe:2.3:a:siemens:simatic_pcs_7:9.1
-
cpe:2.3:a:siemens:simatic_wincc:-
-
cpe:2.3:a:siemens:simatic_wincc:6.2
-
cpe:2.3:a:siemens:simatic_wincc:7.0
-
cpe:2.3:a:siemens:simatic_wincc:7.1
-
cpe:2.3:a:siemens:simatic_wincc:7.2
-
cpe:2.3:a:siemens:simatic_wincc:7.3
-
cpe:2.3:a:siemens:simatic_wincc:7.4
-
cpe:2.3:a:siemens:simatic_wincc:7.5
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:13
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:14
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:15
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:16
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:17