CVE-2026-24349 PUBLISHED

Assigner: siemens
Reserved: 22.01.2026 Published: 09.06.2026 Updated: 09.06.2026

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
CVSS Score: 8.2

Product Status

Vendor Siemens
Product SIMATIC WinCC Unified PC Runtime V16
Versions Default: unknown
  • affected from 0 to * (excl.)
Vendor Siemens
Product SIMATIC WinCC Unified PC Runtime V17
Versions Default: unknown
  • affected from 0 to * (excl.)
Vendor Siemens
Product SIMATIC WinCC Unified PC Runtime V18
Versions Default: unknown
  • affected from 0 to * (excl.)
Vendor Siemens
Product SIMATIC WinCC Unified PC Runtime V19
Versions Default: unknown
  • affected from 0 to * (excl.)
Vendor Siemens
Product SIMATIC WinCC Unified PC Runtime V20
Versions Default: unknown
  • affected from 0 to * (excl.)
Vendor Siemens
Product SIMATIC WinCC Unified PC Runtime V21
Versions Default: unknown
  • affected from 0 to V21 Update 2 (excl.)

References

Problem Types

  • CWE-313: Cleartext Storage in a File or on Disk CWE