Simatic Wincc Unified Pc Runtime V20
Monthly
Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.