A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.
Weakness
The product initializes or sets a resource with a default that is intended to be changed by the product’s installer, administrator, or maintainer, but the default is not secure.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Simatic_pcs_7 | Siemens | * | 9.0 (including) |
| Simatic_pcs_7 | Siemens | 9.1 (including) | 9.1 (including) |
| Simatic_wincc | Siemens | * | 7.4 (including) |
| Simatic_wincc | Siemens | 7.5 (including) | 7.5 (including) |
| Simatic_wincc | Siemens | 7.5-sp1 (including) | 7.5-sp1 (including) |
| Simatic_wincc | Siemens | 7.5-sp1_update1 (including) | 7.5-sp1_update1 (including) |
| Simatic_wincc | Siemens | 7.5-sp1_update2 (including) | 7.5-sp1_update2 (including) |
| Simatic_wincc | Siemens | 7.5-sp2 (including) | 7.5-sp2 (including) |
| Simatic_wincc | Siemens | 7.5-sp2_update1 (including) | 7.5-sp2_update1 (including) |
| Simatic_wincc | Siemens | 7.5-sp2_update2 (including) | 7.5-sp2_update2 (including) |
| Simatic_wincc | Siemens | 7.5-sp2_update3 (including) | 7.5-sp2_update3 (including) |
| Simatic_wincc | Siemens | 7.5-sp2_update4 (including) | 7.5-sp2_update4 (including) |
| Simatic_wincc | Siemens | 7.5-sp2_update5 (including) | 7.5-sp2_update5 (including) |
| Simatic_wincc | Siemens | 7.5-sp2_update6 (including) | 7.5-sp2_update6 (including) |
| Simatic_wincc | Siemens | 7.5-sp2_update7 (including) | 7.5-sp2_update7 (including) |
| Simatic_wincc_runtime_professional | Siemens | * | 16 (including) |
| Simatic_wincc_runtime_professional | Siemens | 17 (including) | 17 (including) |