CVE-2022-24287
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-24287
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的默认资源初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens SIMATIC 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC是德国西门子(Siemens)公司的一款组态软件。 Siemens SIMATIC 存在安全漏洞。经过身份验证的攻击者利用该漏洞可以逃离 Kiosk 模式。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Siemens | SIMATIC PCS 7 V8.2 | All versions | - | |
| Siemens | SIMATIC PCS 7 V9.0 | All versions < V9.0 SP3 UC06 | - | |
| Siemens | SIMATIC PCS 7 V9.1 | All versions < V9.1 SP1 UC01 | - | |
| Siemens | SIMATIC WinCC Runtime Professional V16 and earlier | All versions | - | |
| Siemens | SIMATIC WinCC Runtime Professional V17 | All versions < V17 Upd4 | - | |
| Siemens | SIMATIC WinCC V7.3 | All versions | - | |
| Siemens | SIMATIC WinCC V7.4 | All versions < V7.4 SP1 Update 21 | - | |
| Siemens | SIMATIC WinCC V7.5 | All versions < V7.5 SP2 Update 8 | - |
II. Public POCs for CVE-2022-24287
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-24287
请登录查看更多情报信息。
Same Patch Batch · Siemens · 2022-05-10 · 31 CVEs total
| CVE-2022-29873 | 9.8 CRITICAL | Siemens SICAM 安全漏洞 |
| CVE-2022-29872 | 8.8 HIGH | Siemens SICAM 输入验证错误漏洞 |
| CVE-2022-29874 | 8.8 HIGH | Siemens SICAM 安全漏洞 |
| CVE-2022-29878 | 7.5 HIGH | Siemens SICAM 安全漏洞 |
| CVE-2022-29882 | 7.1 HIGH | Siemens SICAM 跨站脚本漏洞 |
| CVE-2022-29876 | 7.1 HIGH | Siemens SICAM 跨站脚本漏洞 |
| CVE-2022-29880 | 6.5 MEDIUM | Siemens SICAM 跨站脚本漏洞 |
| CVE-2022-29883 | 5.3 MEDIUM | Siemens SICAM 访问控制错误漏洞 |
| CVE-2022-29881 | 5.3 MEDIUM | Siemens SICAM 访问控制错误漏洞 |
| CVE-2022-29879 | 4.3 MEDIUM | Siemens SICAM 访问控制错误漏洞 |
| CVE-2021-41545 | 多款Siemens产品安全漏洞 | |
| CVE-2022-24039 | Siemens Desigo PXC4 安全漏洞 | |
| CVE-2022-24040 | 多款Siemens产品资源管理错误漏洞 | |
| CVE-2022-24041 | 多款Siemens产品安全漏洞 | |
| CVE-2022-24042 | 多款Siemens产品代码问题漏洞 | |
| CVE-2022-24043 | 多款Siemens产品安全漏洞 | |
| CVE-2022-24044 | 多款Siemens产品安全漏洞 | |
| CVE-2022-24045 | 多款Siemens产品安全漏洞 | |
| CVE-2022-24290 | Siemens Teamcenter 缓冲区错误漏洞 | |
| CVE-2022-27242 | OpenV2G 安全漏洞 |
Showing top 20 of 31 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-1188
- CVE-2026-44109
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webho - CVE-2026-43581
OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via - CVE-2026-41931
Vvveb < 1.0.8.2 Information Disclosure via Debug Exception H - CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root - CVE-2026-39920
BridgeHead FileStore < 24A Apache Axis2 Default Credentials
V. Comments for CVE-2022-24287
No comments yet