CVE-2023-30897

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 13, 2023

Updated: Jun 26, 2023

CWE ID 732

Summary

CVE-2023-30897: A vulnerability was discovered in SIMATIC WinCC versions below V7.5.2.13. The issue lies in the failure to set adequate access rights for the installation folder during non-default installations. This oversight could enable authenticated local attackers to inject malicious code, thereby escalating their privileges.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Siemens Wincc Flexible

Affected Vendors

Siemens AG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rn1_14
https://www.cve.org/CVERecord?id=CVE-2023-30897
https://nvd.nist.gov/vuln/detail/CVE-2023-30897

Back to Vulnerability Database