Home

Description

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.

PUBLISHED Reserved 2026-01-22 | Published 2026-06-09 | Updated 2026-06-09 | Assigner siemens




HIGH: 7.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
HIGH: 8.2CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-313: Cleartext Storage in a File or on Disk

Product status

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before V21 Update 2
affected

References

cert-portal.siemens.com/productcert/html/ssa-063511.html

cve.org (CVE-2026-24349)

nvd.nist.gov (CVE-2026-24349)

Download JSON