PatchSiren cyber security CVE debrief
CVE-2024-30321 Siemens CVE debrief
A medium-severity information disclosure vulnerability in Siemens SIMATIC WinCC and PCS 7 products allows unauthenticated remote attackers to retrieve privileged information including user credentials through improper handling of web application requests. The vulnerability affects six product variants across the SIMATIC WinCC and PCS 7 product lines, with vendor fixes available for all affected versions as of the November 2024 advisory update.
- Vendor: Siemens
- Product: SIMATIC PCS 7 V9.1
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2024-11-12
- Advisory published: 2024-07-09
- Advisory updated: 2024-11-12
Who should care
Organizations operating Siemens SIMATIC WinCC or SIMATIC PCS 7 V9.1 in industrial control system environments, particularly those with web-facing or internally accessible HMI/SCADA interfaces. Critical infrastructure operators, manufacturing facilities, and process industries using affected versions should prioritize assessment and patching.
Technical summary
The affected Siemens SIMATIC products contain a web application component that fails to properly validate or handle certain incoming requests. This improper request handling allows an unauthenticated remote attacker to extract privileged information, specifically including user account names and passwords. The vulnerability is network-exploitable with high attack complexity, requiring no privileges or user interaction. The confidentiality impact is rated high, with no direct integrity or availability impact. The attack vector is network-based, affecting the web application interface of the industrial control system software.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates: SIMATIC PCS 7 V9.1 to SP2 UC05 or later; SIMATIC WinCC V7.4 to SP1 Update 23 or later; SIMATIC WinCC V7.5 to SP2 Update 17 or later; SIMATIC WinCC V8.0 to Update 5 or later; SIMATIC WinCC V
- Apply vendor-provided updates: SIMATIC WinCC Runtime Professional V18 to Update 5 or later; SIMATIC WinCC Runtime Professional V19 to Update 2 or later
- Restrict access to the application web server to trusted users only, as an interim workaround if patching is not immediately feasible
- Review and rotate potentially exposed credentials following organizational incident response procedures
- Monitor web application access logs for anomalous unauthenticated request patterns
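As an added example, not part of the advisory or of any Siemens tooling: a small inventory triage helper that checks installed service-pack/update levels against the fixed levels listed in the actions above. The fixed levels are the page's; the version-suffix format, the "updates are cumulative within a service pack" ordering and the sample host inventory are my assumptions.

```python
import re

# Minimum patched level per product line and major version, taken from the
# "Recommended defensive actions" above (page values, not invented).
FIXED_LEVELS = {
    ("SIMATIC PCS 7", "V9.1"): "SP2 UC05",
    ("SIMATIC WinCC", "V7.4"): "SP1 Update 23",
    ("SIMATIC WinCC", "V7.5"): "SP2 Update 17",
    ("SIMATIC WinCC", "V8.0"): "Update 5",
    ("SIMATIC WinCC Runtime Professional", "V18"): "Update 5",
    ("SIMATIC WinCC Runtime Professional", "V19"): "Update 2",
}
_SP_RE = re.compile(r"\bSP\s*(\d+)", re.IGNORECASE)
_UPD_RE = re.compile(r"\b(?:Update|UC)\s*0*(\d+)", re.IGNORECASE)

def level(suffix):
    """Map 'SP2 Update 17' or 'SP2 UC05' to a comparable (sp, update) tuple.
    Assumption (mine, not the advisory's): updates are cumulative within a
    service pack, and a missing SP or update counts as 0."""
    sp = _SP_RE.search(suffix)
    upd = _UPD_RE.search(suffix)
    return (int(sp.group(1)) if sp else 0, int(upd.group(1)) if upd else 0)

def is_vulnerable(product, major, installed_suffix):
    """True if the installed level is below the fixed level for this product
    line; None if the line is not in the table and needs manual review."""
    fixed = FIXED_LEVELS.get((product, major))
    if fixed is None:
        return None
    return level(installed_suffix) < level(fixed)

def triage(inventory):
    """Split (host, product, major, suffix) records into needs-update and uncovered hosts."""
    needs_update, unknown = [], []
    for host, product, major, suffix in inventory:
        verdict = is_vulnerable(product, major, suffix)
        if verdict is None:
            unknown.append(host)
        elif verdict:
            needs_update.append(host)
    return {"needs_update": needs_update, "unknown": unknown}

# Constructed sample inventory (hostnames and installed levels are made up).
SAMPLE_INVENTORY = [
    ("hmi-01", "SIMATIC WinCC", "V7.5", "SP2 Update 16"),  # one below the fix
    ("hmi-02", "SIMATIC WinCC", "V7.5", "SP2 Update 17"),  # at the fixed level
    ("os-01", "SIMATIC PCS 7", "V9.1", "SP2 UC04"),        # below UC05
    ("rt-01", "SIMATIC WinCC Runtime Professional", "V19", "Update 2"),
    ("eng-01", "SIMATIC WinCC", "V6.2", "SP3"),            # line not in table
]
```

Hosts in the "unknown" bucket (product lines the table does not list) should be checked against the full advisory by hand rather than assumed safe.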
Evidence notes
CVE published 2024-07-09; CISA advisory ICSA-24-193-16 published same date. Advisory revised 2024-09-10 to add fix for SIMATIC PCS 7 V9.1, and again 2024-11-12 to add fix for SIMATIC WinCC Runtime Professional V18. CVSS 5.9 (MEDIUM) per source. Not listed in CISA KEV.
Official resources
- CVE-2024-30321 CVE record (CVE.org)
- CVE-2024-30321 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-07-09