Insufficient Protection in SIMATIC WinCC Unified Runtime by Siemens
CVE-2026-24349
8.2HIGH
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 9 June 2026
What is CVE-2026-24349?
A significant issue has been detected in the SIMATIC WinCC Unified PC Runtime, spanning multiple versions from V16 to V21 (pre-update 2). The vulnerability arises from inadequate safeguarding of key material within the WinCC Certificate Manager. This lack of robust protection could enable unauthorized access, leading to the extraction of sensitive information by malicious actors. Organizations utilizing these versions must address this vulnerability to mitigate potential security risks.
Affected Version(s)
SIMATIC WinCC Unified PC Runtime V16 0
SIMATIC WinCC Unified PC Runtime V17 0
SIMATIC WinCC Unified PC Runtime V18 0