Siemens WinCC Certificate Manager
Summary
Siemens WinCC Certificate Manager has a vulnerability where key material is insufficiently protected, potentially allowing attackers to extract sensitive information. Siemens has released a new version for SIMATIC WinCC Unified PC Runtime V21 and advises updating to the latest version, with specific countermeasures for products lacking immediate fixes.
IFF Assessment
The vulnerability allows attackers to extract sensitive information, posing a direct threat to the security of industrial control systems and critical infrastructure.
Severity
The CVSS score of 7.1 reflects high severity. The weakness is classified as 'Cleartext Storage in a File or on Disk', which enables unauthorized access to sensitive information.
Defender Context
This alert highlights a critical vulnerability in Siemens WinCC Certificate Manager, affecting various versions of SIMATIC WinCC Unified PC Runtime. Defenders in sectors like critical manufacturing and energy must prioritize patching or applying mitigations to prevent potential sensitive information extraction by attackers. The widespread deployment and impact on critical infrastructure necessitate immediate attention to secure these systems.