Skip to main content

Simatic Wincc Unified Pc Runtime V19

1 CVEs product

Monthly

CVE-2026-24349 HIGH CISA Act Now

Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Simatic Wincc Unified Pc Runtime V16 Simatic Wincc Unified Pc Runtime V17 Simatic Wincc Unified Pc Runtime V18 Simatic Wincc Unified Pc Runtime V19 +2
NVD
CVSS 4.0
8.2
EPSS
0.0%
EPSS 0% CVSS 8.2
HIGH Act Now

Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Simatic Wincc Unified Pc Runtime V16 Simatic Wincc Unified Pc Runtime V17 +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy