PatchSiren cyber security CVE debrief
CVE-2026-24349 Siemens CVE debrief
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). WinCC Certificate Manager insufficiently protects key material, which could allow an attacker to extract sensitive information.
- Vendor: Siemens
- Product: SIMATIC WinCC Unified PC Runtime V16
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of SIMATIC WinCC Unified PC Runtime V16, V17, V18, V19, V20, and V21 (prior to Update 2) should consider updating to the latest version or applying the necessary patches.
Technical summary
The vulnerability, tracked as CVE-2026-24349, is caused by insufficient protection of key material in WinCC Certificate Manager. This could allow an attacker to extract sensitive information.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary patches or updates to SIMATIC WinCC Unified PC Runtime.
- Review and update security configurations for WinCC Certificate Manager.
Evidence notes
The vendor is identified as Siemens based on the evidence from reference_domain_candidate.
Official resources
- CVE-2026-24349 CVE record (CVE.org)
- CVE-2026-24349 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-24349 was published on 2026-06-09T10:16:42.967Z and modified on 2026-06-09T13:49:39.993Z.