CNVD (China National Vulnerability Database): CNVD-2022-87981
History: Dec 14, 2022 - 12:00 a.m.

Siemens SIMATIC WinCC OA Ultralight Client Parameter Injection Vulnerability

www.cnvd.org.cn
siemens
wincc oa
ultralight client
parameter injection
vulnerability
simatic hmi
custom parameters
remote attacker
web interface
credentials
ctrl script
security advisory

EPSS

0.001

Percentile

35.5%

SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects with specific system requirements or functionality.

A parameter injection vulnerability exists in the Siemens SIMATIC WinCC OA Ultralight Client because an affected component allows custom parameters to be injected into the Ultralight Client backend application under certain circumstances. The vulnerability allows an authenticated remote attacker to inject arbitrary parameters when launching the client via the web interface (e.g., using the attacker's credentials to open a panel of the attacker's choice or launch a Ctrl script).
