CVE-2024-35783
Description
A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions < V2020 SP2 Update 5), SIMATIC Process Historian 2022 (All versions < V2022 SP1 Update 2), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Range: < V2020 SP2 Update 5, < V2022 SP1 Update 2
- Range: All versions, < V7.5 SP2 Update 18, < V8.0 Update 5
- Range: < V9.1 SP2 UC06
- Range: < V18 Update 5, < V19 Update 3
- Range: All versions
- Range: < V2020 SP2 Update 5, < V2022 SP1 Update 2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.