CVE-2023-30897 HIGH

Vendor: Siemens
Product: SIMATIC WinCC
Weakness: CWE-732
Published: June 13, 2023
Last update: January 3, 2025

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01 Description

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
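
To check a host for the condition described above, the following added example (not Siemens code and not part of the original record) lists access-control entries that give broad, low-privileged groups write-type rights on an installation folder and its subfolders. `$InstallPath` is supplied by the operator, and the set of groups treated as low-privileged is an assumption of the example.

```powershell
# Added example: list ACEs on an installation folder tree that let broad,
# low-privileged groups create, replace or delete files.
param(
    [Parameter(Mandatory)]
    [string]$InstallPath   # assumption: the custom folder chosen at install time
)

# Well-known SIDs (locale-independent). Which groups count as low-privileged
# is an assumption of this example; extend the table for site-specific groups.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# CreateFiles (0x2), AppendData (0x4), DeleteSubdirectoriesAndFiles (0x40),
# Delete (0x10000), ChangePermissions (0x40000), TakeOwnership (0x80000),
# plus raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000), which
# some ACEs carry and which have no named FileSystemRights value.
$writeMask = 0x500D0046

$sidType = [System.Security.Principal.SecurityIdentifier]
$folders = @(Get-Item -LiteralPath $InstallPath) +
           @(Get-ChildItem -LiteralPath $InstallPath -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    # Ask for identities as SIDs so the match does not depend on OS language.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Folder    = $folder.FullName
            Principal = $lowPrivSids[$sid]
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No write-capable ACEs for the listed groups under $InstallPath"
}
```

Save it as a script and pass the folder with `-InstallPath`; any row it prints is a folder where a member of the listed group could plant or replace files.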

Key dates

02 Disclosure timeline

June 13, 2023: CVE published
January 3, 2025: Record updated