{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30321", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-03-26T16:42:16.797Z", "datePublished": "2024-07-09T12:04:43.997Z", "dateUpdated": "2025-08-27T20:42:53.823Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-11-12T12:49:28.352Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."}], "affected": [{"vendor": "Siemens", "product": "SIMATIC PCS 7 V9.1", "versions": [{"status": "affected", "version": "0", "lessThan": "V9.1 SP2 UC05", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC Runtime Professional V18", "versions": [{"status": "affected", "version": "0", "lessThan": "V18 Update 5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC Runtime Professional V19", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC V7.4", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.4 SP1 Update 23", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC V7.5", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5 SP2 Update 17", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC V8.0", "versions": [{"status": "affected", "version": "0", "lessThan": "V8.0 Update 5", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "baseScore": 8.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:07.025Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-19T16:20:35.487955Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_pcs_7", "versions": [{"status": "affected", "version": "9.1", "lessThan": "10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc", "versions": [{"status": "affected", "version": "7.4", "lessThan": "7.4_sp1_update_23", "versionType": "custom"}, {"status": "affected", "version": "7.5", "lessThan": "7.5_sp2_update_17", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "8.0_update_5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc", "versions": [{"status": "affected", "version": "7.4", "lessThan": "7.4_sp1_update_23", "versionType": "custom"}, {"status": "affected", "version": "7.5", "lessThan": "7.5_sp2_update_17", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "8.0_update_5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc", "versions": [{"status": "affected", "version": "7.4", "lessThan": "7.4_sp1_update_23", "versionType": "custom"}, {"status": "affected", "version": "7.5", "lessThan": "7.5_sp2_update_17", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "8.0_update_5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc_runtime_professional", "versions": [{"status": "affected", "version": "18", "lessThan": "19", "versionType": "custom"}, {"status": "affected", "version": "19", "lessThan": "19_update_2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc_runtime_professional", "versions": [{"status": "affected", "version": "18", "lessThan": "19", "versionType": "custom"}, {"status": "affected", "version": "19", "lessThan": "19_update_2", "versionType": "custom"}], "defaultStatus": "unknown"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T20:42:53.823Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:07.025Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-19T16:20:35.487955Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_pcs_7", "versions": [{"status": "affected", "version": "9.1", "lessThan": "10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc", "versions": [{"status": "affected", "version": "7.4", "lessThan": "7.4_sp1_update_23", "versionType": "custom"}, {"status": "affected", "version": "7.5", "lessThan": "7.5_sp2_update_17", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "8.0_update_5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc", "versions": [{"status": "affected", "version": "7.4", "lessThan": "7.4_sp1_update_23", "versionType": "custom"}, {"status": "affected", "version": "7.5", "lessThan": "7.5_sp2_update_17", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "8.0_update_5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc", "versions": [{"status": "affected", "version": "7.4", "lessThan": "7.4_sp1_update_23", "versionType": "custom"}, {"status": "affected", "version": "7.5", "lessThan": "7.5_sp2_update_17", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "8.0_update_5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc_runtime_professional", "versions": [{"status": "affected", "version": "18", "lessThan": "19", "versionType": "custom"}, {"status": "affected", "version": "19", "lessThan": "19_update_2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_wincc_runtime_professional", "versions": [{"status": "affected", "version": "18", "lessThan": "19", "versionType": "custom"}, {"status": "affected", "version": "19", "lessThan": "19_update_2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T16:46:13.139Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "SIMATIC PCS 7 V9.1", "versions": [{"status": "affected", "version": "0", "lessThan": "V9.1 SP2 UC05", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC Runtime Professional V18", "versions": [{"status": "affected", "version": "0", "lessThan": "V18 Update 5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC Runtime Professional V19", "versions": [{"status": "affected", "version": "0", "lessThan": "V19 Update 2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC V7.4", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.4 SP1 Update 23", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC V7.5", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5 SP2 Update 17", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC WinCC V8.0", "versions": [{"status": "affected", "version": "0", "lessThan": "V8.0 Update 5", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-11-12T12:49:28.352Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30321", "state": "PUBLISHED", "dateUpdated": "2025-08-27T20:42:53.823Z", "dateReserved": "2024-03-26T16:42:16.797Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2024-07-09T12:04:43.997Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS 7 V9.1 (todas las versiones), SIMATIC WinCC Runtime Professional V18 (todas las versiones), SIMATIC WinCC Runtime Professional V19 (todas las versiones &lt; V19 Update 2), SIMATIC WinCC V7.4 (todas las versiones &lt; V7.4 SP1 Actualizaci\u00f3n 23), SIMATIC WinCC V7.5 (Todas las versiones &lt; V7.5 SP2 Actualizaci\u00f3n 17), SIMATIC WinCC V8.0 (Todas las versiones &lt; V8.0 Actualizaci\u00f3n 5). Los productos afectados no gestionan adecuadamente determinadas solicitudes a su aplicaci\u00f3n web, lo que puede provocar la filtraci\u00f3n de informaci\u00f3n privilegiada. Esto podr\u00eda permitir que un atacante remoto no autenticado recupere informaci\u00f3n como usuarios y contrase\u00f1as."}], "id": "CVE-2024-30321", "lastModified": "2024-11-21T09:11:41.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2024-07-09T12:15:11.707", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}