CVE-2022-24287

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.

Published: May 20, 2022
Updated: May 4, 2025
CVE: CVE-2022-24287
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-1188

Affected Software
References

Software	From	Fixed in
siemens / simatic_wincc	-	7.4.x
siemens / simatic_wincc	7.5-sp1	7.5-sp1.x
siemens / simatic_wincc	7.5-sp1_update1	7.5-sp1_update1.x
siemens / simatic_wincc	7.5-sp1_update2	7.5-sp1_update2.x
siemens / simatic_wincc	7.5	7.5.x
siemens / simatic_wincc	7.5-sp2	7.5-sp2.x
siemens / simatic_wincc	7.5-sp2_update1	7.5-sp2_update1.x
siemens / simatic_wincc	7.5-sp2_update2	7.5-sp2_update2.x
siemens / simatic_wincc	7.5-sp2_update3	7.5-sp2_update3.x
siemens / simatic_wincc	7.5-sp2_update4	7.5-sp2_update4.x
siemens / simatic_pcs_7	9.1	9.1.x
siemens / simatic_wincc	7.5-sp2_update5	7.5-sp2_update5.x
siemens / simatic_pcs_7	-	9.0.x
siemens / simatic_wincc_runtime_professional	-	16.x
siemens / simatic_wincc_runtime_professional	17	17.x
siemens / simatic_wincc	7.5-sp2_update6	7.5-sp2_update6.x
siemens / simatic_wincc	7.5-sp2_update7	7.5-sp2_update7.x

https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf

Vulnerability Database

289,689

CVE-2022-24287