SIMATIC WinCC Runtime Professional v15: All versions prior to v15.1 Update 5. SIMATIC WinCC Runtime Professional v14: All versions. SIMATIC WinCC Runtime Professional v13: All versions prior to v13 SP2 Update 4. SIMATIC WinCC Runtime Advanced: All versions prior to v16 Update 2. SIMATIC WinCC OA v3.17: All versions prior to P003. SIMATIC WinCC OA v3.16: All versions prior to P018. SIMATIC STEP 7 (TIA Portal) v16: All versions prior to v16 Update 2. SIMATIC STEP 7 (TIA Portal) v15: All versions prior to v15.1 Update 5. SIMATIC WinCC Runtime Professional v14: All versions prior to v14 SP1 Update 10. SIMATIC STEP 7 (TIA Portal) v14: All versions prior to v14 SP1 Update 10. SIMATIC STEP 7 (TIA Portal) v13: All versions prior to SP2 Update 4. SIMATIC STEP 7: All versions prior to v5.6 SP2 HF3. SINAMICS STARTER: All versions prior to v5.4 HF2. SIMATIC S7-1500 Software Controller: All versions prior to v21.8. SIMATIC PCS neo: All versions prior to v3.0 SP1. SIMATIC NET PC software: All versions after v16 and prior to v16 Upd3. The following Siemens products are affected: 
Successful exploitation of this vulnerability could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. This updated advisory is a follow-up to the advisory update titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update J) that was published April 14, 2022, to the ICS webpage on 3.
Vulnerability: Unquoted Search Path or Element.Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK.
0 kommentar(er)
