SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects requiring specific system requirements or functionality.A parameter injection vulnerability exists in the Siemens SIMATIC WinCC OA Ultralight Client due to an affected component allowing the injection of custom parameters into the Ultralight Client under certain circumstances. backend applications to inject custom parameters. The vulnerability allows an authenticated remote attacker to inject arbitrary parameters when launching the client via the web interface (e.g., using the attackerβs credentials to open a panel of the attackerβs choice or launch a Ctrl script).