CVE-2026-24349 HIGH

CVE-2026-24349

Vendor Siemens
Product SIMATIC WinCC Unified PC Runtime V16
Weakness CWE-313
Published June 9, 2026
Last update June 9, 2026

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 9, 2026 Record updated

Related vulnerabilities

04Related CVE