How severe is CVE-2022-24287?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-24287?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2022-24287 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.

Related Vulnerabilities

CVE-2008-3278

HIGH

CVSS:7.8(High)

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep...

CWE-11882008

CVE-2018-17485

HIGH

CVSS:7.8(High)

Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CWE-11882018

CVE-2018-17497

HIGH

CVSS:7.8(High)

eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CWE-11882018

CVE-2018-20052

HIGH

CVSS:7.8(High)

An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privilege...

CWE-11882018

CVE-2018-3667

HIGH

CVSS:7.8(High)

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.

CWE-11882018

CVE-2018-5841

HIGH

CVSS:7.8(High)

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (And...

CWE-11882018