How severe is CVE-2024-30321?

This vulnerability has a severity rating of HIGH with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-30321?

This is classified as CWE-359, which is a common weakness in software security.

CVE-2024-30321 - HIGH Severity | CVSS 5.9

Vulnerability Description

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.

Related Vulnerabilities

CVE-2024-38103

MEDIUM

CVSS:5.9(Medium)

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CWE-3592024

CVE-2025-0683

HIGH

CVSS:5.9(Medium)

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a...

CWE-3592025

CVE-2025-27080

MEDIUM

CVSS:6.0(Medium)

Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthoriz...

CWE-3592025

CVE-2022-24719

MEDIUM

CVSS:6.1(Medium)

Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or ...

CWE-3592022

CVE-2023-44156

MEDIUM

CVSS:5.7(Medium)

Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

CWE-3592023

CVE-2024-49386

MEDIUM

CVSS:5.7(Medium)

Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

CWE-3592024