Unquoted Windows search path vulnerability in Siemens SIMATIC WinCC before 7.0 SP2 Upd 12, 7.0 SP3 before Upd 8, and 7.2 through 7.4; SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced before 14; SIMATIC WinCC Runtime Professional; SIMATIC WinCC (TIA Portal) Professional; SIMATIC STEP 7 5.x; SIMATIC STEP 7 (TIA Portal) before 14; SIMATIC NET PC-Software before 14; TeleControl Server Basic before 3.0 SP2; SINEMA Server before 13 SP2; SIMATIC PCS 7 through 8.2; SINEMA Remote Connect Client; SIMATIC WinAC RTX 2010 SP2; SIMATIC WinAC RTX F 2010 SP2; SIMATIC IT Production Suite; SOFTNET Security Client 5.0; SIMIT 9.0; Security Configuration Tool (SCT); and Primary Setup Tool (PST), when the installation does not use the %PROGRAMFILES% directory, might allow local users to gain privileges via a Trojan horse executable file.

Unquoted Windows search path vulnerability in Siemens SIMATIC WinCC V7.0 SP2 before Upd 12, V7.0 SP3 before Upd 8, V7.2 before Upd 14, V7.3 before Upd 11 and V7.4 before SP1; SIMATIC STEP 7 V5.x before V5.5 SP4 HF11; SIMATIC PCS 7 through V8.2; SIMATIC WinCC Runtime Professional V13 before SP2 and V14 before SP1; SIMATIC WinCC (TIA Portal) Professional V13 before SP2 and V14 before SP1; SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced before 14; SIMATIC STEP 7 (TIA Portal) V13 before SP2; SIMATIC NET PC-Software before V14; SINEMA Remote Connect Client; SINEMA Server before V13 SP2; SIMATIC WinAC RTX 2010 SP2; SIMATIC WinAC RTX F 2010 SP2; SIMATIC IT Production Suite before V7.0 SP1 HFX 2; TeleControl Server Basic before 3.0 SP2; SOFTNET Security Client 5.0; SIMIT V9.0 before SP1; Security Configuration Tool (SCT) before V4.3 HF1; and Primary Setup Tool (PST), when the installation does not use the %PROGRAMFILES% directory, might allow local users to gain privileges via a Trojan horse executable file.