CVE-2026-24349
Possible ATT&CK Techniques 1AI
T1552.004 · Private KeysAffected Version Matrix 6
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIMATIC WinCC Unified PC Runtime V16 | < * | affected |
| Siemens | SIMATIC WinCC Unified PC Runtime V17 | < * | affected |
| Siemens | SIMATIC WinCC Unified PC Runtime V18 | < * | affected |
| Siemens | SIMATIC WinCC Unified PC Runtime V19 | < * | affected |
| Siemens | SIMATIC WinCC Unified PC Runtime V20 | < * | affected |
| Siemens | SIMATIC WinCC Unified PC Runtime V21 | < V21 Update 2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-24349
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件或磁盘上的明文存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens SIMATIC WinCC Unified PC Runtime 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC WinCC Unified PC Runtime是德国西门子(Siemens)公司的一款面向工业自动化和SCADA系统的人机界面与监控运行平台。 Siemens SIMATIC WinCC Unified PC Runtime V16版本、V17版本、V18版本、V19版本、V20版本和V21 Update 2之前版本存在安全漏洞,该漏洞源于WinCC证书管理器中密钥材料保护不足,可能导致攻击者提取敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Siemens | SIMATIC WinCC Unified PC Runtime V16 | 0 ~ * | - | |
| Siemens | SIMATIC WinCC Unified PC Runtime V17 | 0 ~ * | - | |
| Siemens | SIMATIC WinCC Unified PC Runtime V18 | 0 ~ * | - | |
| Siemens | SIMATIC WinCC Unified PC Runtime V19 | 0 ~ * | - | |
| Siemens | SIMATIC WinCC Unified PC Runtime V20 | 0 ~ * | - | |
| Siemens | SIMATIC WinCC Unified PC Runtime V21 | 0 ~ V21 Update 2 | - |
II. Public POCs for CVE-2026-24349
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-24349
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-24349 (1)
Same Patch Batch · Siemens · 2026-06-09 · 6 CVEs total
| CVE-2026-46748 | 8.8 HIGH | Siemens SINEC INS 安全漏洞 |
| CVE-2026-46746 | 8.8 HIGH | Siemens SINEC INS 操作系统命令注入漏洞 |
| CVE-2026-46749 | 7.5 HIGH | Siemens SINEC INS 安全漏洞 |
| CVE-2025-40808 | 6.1 MEDIUM | Siemens多款产品 代码问题漏洞 |
| CVE-2026-46747 | 4.3 MEDIUM | Siemens SINEC INS 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-313
- CVE-2025-4397
Medtronic MyCareLink Patient Monitor Data Encryption Weaknes - CVE-2026-6796
Sanluan PublicCMS Failed Login LoginAdminController.java log - CVE-2026-6598
langflow-ai langflow Project Creation Endpoint projects.py e - CVE-2026-5531
SourceCodester Student Result Management System HTTP GET Req - CVE-2025-64305
Columbia Weather Systems MicroServer Cleartext Storage in a
V. Comments for CVE-2026-24349
No comments yet