Zero Day MonitorZDM

← Back to list

7.1

CVE-2026-24349PATCHED

siemens · simatic wincc unified pc runtime

CVE-2026-24349: A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Run

Description

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.

Affected Products

Vendor	Product	Versions
siemens	simatic wincc unified pc runtime	0, 0, 0, 0, 0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
siemens	tia portal	cert_advisory	90%

References

https://cert-portal.siemens.com/productcert/html/ssa-063511.html

Related News (2 articles)

Tier B

BSI Advisories7h ago

[NEU] [mittel] Siemens TIA Portal (WinCC Unified PC Runtime): Schwachstelle ermöglicht Offenlegung von Informationen

→ No new info (linked only)

Tier C

VulDB7h ago

CVE-2026-24349 | Siemens SIMATIC WinCC Unified PC Runtime V21 Certificate cleartext storage in file (ssa-063511)

→ No new info (linked only)

CVSS 3.17.1 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

*V21 Update 2

CWECWE-313

PublishedJun 9, 2026

Last enriched7h agov2

Trending Score37

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2025-40808EXP

CVE-2025-40808: A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions),

HIGHCVE-2026-46748EXP

CVE-2026-46748: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a bina

HIGHCVE-2026-46746EXP

CVE-2026-46746: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly s

MEDIUMCVE-2026-46747EXP

CVE-2026-46747: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not p

HIGHCVE-2026-46749

CVE-2026-46749: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a pas

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 9, 2026

Discovered by ZDM

Jun 9, 2026

Updated: description

Jun 9, 2026

Patch Available

Jun 9, 2026

Version History

v2

Last enriched 7h ago

v2Tier C7h ago

Updated description with more technical details, confirmed no exploit available, and noted that the attack requires local access.

description

via VulDB

v17h ago

Initial creation