The latest update, P021, for SIMATIC WinCC OA V3.14 fixes a vulnerability that could allow an unauthenticated remote user to escalate their privileges in the context of SIMATIC WinCC OA V3.14.
This vulnerability affects SIMATIC WinCC OA V3.14 and prior. SIMATIC WinCC OA V3.15 and V3.16 are not affected by this vulnerability.
More details regarding this vulnerability are available in this Siemens Security Advisory from ProductCERT: https://cert-portal.siemens.com/product ... 346256.pdf
The corresponding SIMATIC WinCC OA Security Guideline for Version 3.14 has also been updated to help obtain a secured SIMATIC WinCC OA environment:
https://portal.etm.at/index.php?option= ... &Itemid=81