First published: Tue Sep 10 2024
A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions < V2020 SP2 Update 5), SIMATIC Process Historian 2022 (All versions < V2022 SP1 Update 2), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SIMATIC BATCH | <=V9.1 | |
Siemens SIMATIC Information Server 2020 | <V2020 SP2 Update 5 | |
Siemens SIMATIC Information Server 2022 | <V2022 SP1 Update 2 | |
Siemens SIMATIC PCS 7 | <V9.1 SP2 UC06 | |
Siemens SIMATIC Process Historian | <V2020 SP2 Update 5 | |
Siemens SIMATIC Process Historian | <V2022 SP1 Update 2 | |
Siemens SIMATIC WinCC Runtime Professional | <V18 Update 5 | |
Siemens SIMATIC WinCC Runtime Professional | <V19 Update 3 | |
Siemens SIMATIC WinCC | <=V7.4 | |
Siemens SIMATIC WinCC | <V7.5 SP2 Update 18 | |
Siemens SIMATIC WinCC | <V8.0 Update 5 | |
CVE-2024-35783 has been classified with a high severity due to its potential impact on affected systems.
To fix CVE-2024-35783, you should apply the relevant security patches and updates provided by Siemens for the affected software versions.
The impacted Siemens products include SIMATIC BATCH V9.1 and various versions of SIMATIC Information Server, PCS 7, and Process Historian.
As of now, there have been no reported cases indicating active exploitation of CVE-2024-35783.
CVE-2024-35783 covers vulnerabilities related to improper input validation in the specified Siemens software products.