Insufficient Protection in SIMATIC WinCC Unified Runtime by Siemens
CVE-2026-24349

8.2 HIGH

What is CVE-2026-24349?

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime, spanning multiple versions from V16 to V21 (pre-update 2). It arises from inadequate protection of key material in the WinCC Certificate Manager, which could allow unauthorized access and the extraction of sensitive information by malicious actors. Organizations running these versions must address the vulnerability to mitigate the risk.

Affected Version(s)

SIMATIC WinCC Unified PC Runtime V16 0

SIMATIC WinCC Unified PC Runtime V17 0

SIMATIC WinCC Unified PC Runtime V18 0

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
