CVE-2023-30897 Information

Description

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.

This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf