Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-52051 (GCVE-0-2024-52051)
Vulnerability from cvelistv5 – Published: 2024-12-10 13:53 – Updated: 2025-12-09 10:44
VLAI?
EPSS
Summary
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V17 (All versions < V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
34 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC S7-PLCSIM V17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-PLCSIM V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC STEP 7 Safety V17 |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC STEP 7 Safety V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC STEP 7 Safety V19 |
Affected:
0 , < V19 Update 4
(custom)
|
|
| Siemens | SIMATIC STEP 7 V17 |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC STEP 7 V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC STEP 7 V19 |
Affected:
0 , < V19 Update 4
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V19 |
Affected:
0 , < V19 Update 4
(custom)
|
|
| Siemens | SIMATIC WinCC Unified V17 |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC WinCC Unified V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified V19 |
Affected:
0 , < V19 Update 4
(custom)
|
|
| Siemens | SIMATIC WinCC V17 |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC WinCC V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC V19 |
Affected:
0 , < V19 Update 4
(custom)
|
|
| Siemens | SIMOCODE ES V17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOCODE ES V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOCODE ES V19 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOTION SCOUT TIA V5.4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOTION SCOUT TIA V5.5 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOTION SCOUT TIA V5.6 |
Affected:
0 , < V5.6 SP1 HF7
(custom)
|
|
| Siemens | SINAMICS Startdrive V17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINAMICS Startdrive V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINAMICS Startdrive V19 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIRIUS Safety ES V17 (TIA Portal) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIRIUS Safety ES V18 (TIA Portal) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIRIUS Safety ES V19 (TIA Portal) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIRIUS Soft Starter ES V17 (TIA Portal) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIRIUS Soft Starter ES V18 (TIA Portal) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIRIUS Soft Starter ES V19 (TIA Portal) |
Affected:
0 , < *
(custom)
|
|
| Siemens | TIA Portal Cloud V17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | TIA Portal Cloud V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | TIA Portal Cloud V19 |
Affected:
0 , < V5.2.1.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T17:13:19.265210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T17:13:31.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-PLCSIM V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-PLCSIM V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 Safety V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 Safety V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 Safety V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION SCOUT TIA V5.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION SCOUT TIA V5.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION SCOUT TIA V5.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.6 SP1 HF7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Safety ES V17 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Safety ES V18 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Safety ES V19 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V18 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V19 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.2.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions \u003c V19 Update 4), SIMATIC STEP 7 V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified V17 (All versions \u003c V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions \u003c V19 Update 4), SIMATIC WinCC V17 (All versions \u003c V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions \u003c V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions \u003c V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions \u003c V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T10:44:11.357Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-52051",
"datePublished": "2024-12-10T13:53:57.576Z",
"dateReserved": "2024-11-05T16:27:26.648Z",
"dateUpdated": "2025-12-09T10:44:11.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-52051",
"date": "2026-05-19",
"epss": "0.00103",
"percentile": "0.27631"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en SIMATIC S7-PLCSIM V17 (todas las versiones), SIMATIC S7-PLCSIM V18 (todas las versiones), SIMATIC STEP 7 Safety V17 (todas las versiones), SIMATIC STEP 7 Safety V18 (todas las versiones), SIMATIC STEP 7 Safety V19 (todas las versiones), SIMATIC STEP 7 V17 (todas las versiones), SIMATIC STEP 7 V18 (todas las versiones), SIMATIC STEP 7 V19 (todas las versiones), SIMATIC WinCC Unified PC Runtime V18 (todas las versiones), SIMATIC WinCC Unified PC Runtime V19 (todas las versiones), SIMATIC WinCC Unified V17 (todas las versiones), SIMATIC WinCC Unified V18 (todas las versiones), SIMATIC WinCC Unified V19 (todas las versiones), SIMATIC WinCC V17 (todas las versiones), SIMATIC WinCC V18 (todas las versiones), SIMATIC WinCC V19 (todas las versiones), SIMOCODE ES V17 (todas las versiones), SIMOCODE ES V18 (todas las versiones), SIMOCODE ES V19 (Todas las versiones), SIMOTION SCOUT TIA V5.4 SP3 (Todas las versiones), SIMOTION SCOUT TIA V5.5 SP1 (Todas las versiones), SIMOTION SCOUT TIA V5.6 SP1 (Todas las versiones), SINAMICS Startdrive V17 (Todas las versiones), SINAMICS Startdrive V18 (Todas las versiones), SINAMICS Startdrive V19 (Todas las versiones), SIRIUS Safety ES V17 (TIA Portal) (Todas las versiones), SIRIUS Safety ES V18 (TIA Portal) (Todas las versiones), SIRIUS Safety ES V19 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V17 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V18 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V19 (TIA Portal) (Todas las versiones), TIA Portal Cloud V17 (Todas las versiones), TIA Portal Cloud V18 (Todas las versiones), TIA Portal Cloud V19 (Todas las versiones). Los dispositivos afectados no desinfectan correctamente la entrada controlable por el usuario al analizar la configuraci\\u00f3n del usuario. Esto podr\\u00eda permitir que un atacante ejecute localmente comandos arbitrarios en el sistema operativo host con los privilegios del usuario.\"}]",
"id": "CVE-2024-52051",
"lastModified": "2024-12-10T14:30:44.957",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"PASSIVE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 5.9}]}",
"published": "2024-12-10T14:30:44.957",
"references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-392859.html\", \"source\": \"productcert@siemens.com\"}]",
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-52051\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2024-12-10T14:30:44.957\",\"lastModified\":\"2025-12-09T16:17:28.113\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions \u003c V19 Update 4), SIMATIC STEP 7 V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified V17 (All versions \u003c V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions \u003c V19 Update 4), SIMATIC WinCC V17 (All versions \u003c V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions \u003c V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions \u003c V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions \u003c V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC S7-PLCSIM V17 (todas las versiones), SIMATIC S7-PLCSIM V18 (todas las versiones), SIMATIC STEP 7 Safety V17 (todas las versiones), SIMATIC STEP 7 Safety V18 (todas las versiones), SIMATIC STEP 7 Safety V19 (todas las versiones), SIMATIC STEP 7 V17 (todas las versiones), SIMATIC STEP 7 V18 (todas las versiones), SIMATIC STEP 7 V19 (todas las versiones), SIMATIC WinCC Unified PC Runtime V18 (todas las versiones), SIMATIC WinCC Unified PC Runtime V19 (todas las versiones), SIMATIC WinCC Unified V17 (todas las versiones), SIMATIC WinCC Unified V18 (todas las versiones), SIMATIC WinCC Unified V19 (todas las versiones), SIMATIC WinCC V17 (todas las versiones), SIMATIC WinCC V18 (todas las versiones), SIMATIC WinCC V19 (todas las versiones), SIMOCODE ES V17 (todas las versiones), SIMOCODE ES V18 (todas las versiones), SIMOCODE ES V19 (Todas las versiones), SIMOTION SCOUT TIA V5.4 SP3 (Todas las versiones), SIMOTION SCOUT TIA V5.5 SP1 (Todas las versiones), SIMOTION SCOUT TIA V5.6 SP1 (Todas las versiones), SINAMICS Startdrive V17 (Todas las versiones), SINAMICS Startdrive V18 (Todas las versiones), SINAMICS Startdrive V19 (Todas las versiones), SIRIUS Safety ES V17 (TIA Portal) (Todas las versiones), SIRIUS Safety ES V18 (TIA Portal) (Todas las versiones), SIRIUS Safety ES V19 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V17 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V18 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V19 (TIA Portal) (Todas las versiones), TIA Portal Cloud V17 (Todas las versiones), TIA Portal Cloud V18 (Todas las versiones), TIA Portal Cloud V19 (Todas las versiones). Los dispositivos afectados no desinfectan correctamente la entrada controlable por el usuario al analizar la configuraci\u00f3n del usuario. Esto podr\u00eda permitir que un atacante ejecute localmente comandos arbitrarios en el sistema operativo host con los privilegios del usuario.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-392859.html\",\"source\":\"productcert@siemens.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52051\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-11T17:13:19.265210Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-11T17:13:27.567Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-PLCSIM V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-PLCSIM V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 Safety V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 Safety V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 Safety V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified PC Runtime V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified PC Runtime V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOCODE ES V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOCODE ES V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOCODE ES V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION SCOUT TIA V5.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION SCOUT TIA V5.5\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION SCOUT TIA V5.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.6 SP1 HF7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS Startdrive V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS Startdrive V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS Startdrive V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Safety ES V17 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Safety ES V18 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Safety ES V19 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Soft Starter ES V17 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Soft Starter ES V18 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIRIUS Soft Starter ES V19 (TIA Portal)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIA Portal Cloud V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIA Portal Cloud V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIA Portal Cloud V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.2.1.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-392859.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions \u003c V19 Update 4), SIMATIC STEP 7 V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified V17 (All versions \u003c V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions \u003c V19 Update 4), SIMATIC WinCC V17 (All versions \u003c V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions \u003c V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions \u003c V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions \u003c V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-12-09T10:44:11.357Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-52051\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-09T10:44:11.357Z\", \"dateReserved\": \"2024-11-05T16:27:26.648Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-12-10T13:53:57.576Z\", \"assignerShortName\": \"siemens\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2024-AVI-1062
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | CPCI85 Central Processing/Communication versions antérieures à V05.30 | ||
| Siemens | N/A | SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CPCI85 Central Processing/Communication versions ant\u00e9rieures \u00e0 V05.30",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-52051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52051"
},
{
"name": "CVE-2024-53832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53832"
},
{
"name": "CVE-2024-49849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49849"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1062",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-800126",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-392859",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-128393",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html"
}
]
}
CERTFR-2024-AVI-1062
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | CPCI85 Central Processing/Communication versions antérieures à V05.30 | ||
| Siemens | N/A | SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. | ||
| Siemens | N/A | TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-52051 | ||
| Siemens | N/A | SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-49849 | ||
| Siemens | N/A | TIA Portal Cloud V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849. |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CPCI85 Central Processing/Communication versions ant\u00e9rieures \u00e0 V05.30",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-52051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52051"
},
{
"name": "CVE-2024-53832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53832"
},
{
"name": "CVE-2024-49849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49849"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1062",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-800126",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-392859",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-128393",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html"
}
]
}
CNVD-2024-47913
Vulnerability from cnvd - Published: 2024-12-12
VLAI Severity ?
Title
Siemens Engineering Platforms本地任意代码执行漏洞
Description
Totally Integrated Automation Portal (TIA Portal)是一款PC软件,可提供西门子数字化自动化服务的完整范围,从数字规划、集成工程到透明操作。
Siemens Engineering Platforms存在本地任意代码执行漏洞,攻击者可利用该漏洞在主机操作系统中本地执行任意命令。
Severity
中
Patch Name
Siemens Engineering Platforms本地任意代码执行漏洞的补丁
Patch Description
Totally Integrated Automation Portal (TIA Portal)是一款PC软件,可提供西门子数字化自动化服务的完整范围,从数字规划、集成工程到透明操作。
Siemens Engineering Platforms存在本地任意代码执行漏洞,攻击者可利用该漏洞在主机操作系统中本地执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/html/ssa-392859.html
Reference
https://cert-portal.siemens.com/productcert/html/ssa-392859.html
Impacted products
| Name | ['Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18', 'Siemens Totally Integrated Automation Portal (TIA Portal) V19', 'Siemens SIMATIC S7-PLCSIM V17', 'Siemens SIMATIC S7-PLCSIM V18'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-52051"
}
},
"description": "Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u897f\u95e8\u5b50\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u5b8c\u6574\u8303\u56f4\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u3001\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002\n\nSiemens Engineering Platforms\u5b58\u5728\u672c\u5730\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u672c\u5730\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-392859.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-47913",
"openTime": "2024-12-12",
"patchDescription": "Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u897f\u95e8\u5b50\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u5b8c\u6574\u8303\u56f4\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u3001\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002\r\n\r\nSiemens Engineering Platforms\u5b58\u5728\u672c\u5730\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u672c\u5730\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Engineering Platforms\u672c\u5730\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Totally Integrated Automation Portal (TIA Portal) V17",
"Siemens Totally Integrated Automation Portal (TIA Portal) V18",
"Siemens Totally Integrated Automation Portal (TIA Portal) V19",
"Siemens SIMATIC S7-PLCSIM V17",
"Siemens SIMATIC S7-PLCSIM V18"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html",
"serverity": "\u4e2d",
"submitTime": "2024-12-11",
"title": "Siemens Engineering Platforms\u672c\u5730\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2024-52051
Vulnerability from fkie_nvd - Published: 2024-12-10 14:30 - Updated: 2026-04-15 00:35
Severity ?
Summary
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V17 (All versions < V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions \u003c V19 Update 4), SIMATIC STEP 7 V17 (All versions \u003c V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified V17 (All versions \u003c V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions \u003c V19 Update 4), SIMATIC WinCC V17 (All versions \u003c V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions \u003c V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions \u003c V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions \u003c V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC S7-PLCSIM V17 (todas las versiones), SIMATIC S7-PLCSIM V18 (todas las versiones), SIMATIC STEP 7 Safety V17 (todas las versiones), SIMATIC STEP 7 Safety V18 (todas las versiones), SIMATIC STEP 7 Safety V19 (todas las versiones), SIMATIC STEP 7 V17 (todas las versiones), SIMATIC STEP 7 V18 (todas las versiones), SIMATIC STEP 7 V19 (todas las versiones), SIMATIC WinCC Unified PC Runtime V18 (todas las versiones), SIMATIC WinCC Unified PC Runtime V19 (todas las versiones), SIMATIC WinCC Unified V17 (todas las versiones), SIMATIC WinCC Unified V18 (todas las versiones), SIMATIC WinCC Unified V19 (todas las versiones), SIMATIC WinCC V17 (todas las versiones), SIMATIC WinCC V18 (todas las versiones), SIMATIC WinCC V19 (todas las versiones), SIMOCODE ES V17 (todas las versiones), SIMOCODE ES V18 (todas las versiones), SIMOCODE ES V19 (Todas las versiones), SIMOTION SCOUT TIA V5.4 SP3 (Todas las versiones), SIMOTION SCOUT TIA V5.5 SP1 (Todas las versiones), SIMOTION SCOUT TIA V5.6 SP1 (Todas las versiones), SINAMICS Startdrive V17 (Todas las versiones), SINAMICS Startdrive V18 (Todas las versiones), SINAMICS Startdrive V19 (Todas las versiones), SIRIUS Safety ES V17 (TIA Portal) (Todas las versiones), SIRIUS Safety ES V18 (TIA Portal) (Todas las versiones), SIRIUS Safety ES V19 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V17 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V18 (TIA Portal) (Todas las versiones), SIRIUS Soft Starter ES V19 (TIA Portal) (Todas las versiones), TIA Portal Cloud V17 (Todas las versiones), TIA Portal Cloud V18 (Todas las versiones), TIA Portal Cloud V19 (Todas las versiones). Los dispositivos afectados no desinfectan correctamente la entrada controlable por el usuario al analizar la configuraci\u00f3n del usuario. Esto podr\u00eda permitir que un atacante ejecute localmente comandos arbitrarios en el sistema operativo host con los privilegios del usuario."
}
],
"id": "CVE-2024-52051",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2024-12-10T14:30:44.957",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
GHSA-X2QG-388Q-986C
Vulnerability from github – Published: 2024-12-10 15:32 – Updated: 2024-12-10 15:32
VLAI?
Details
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2024-52051"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T14:30:44Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.",
"id": "GHSA-x2qg-388q-986c",
"modified": "2024-12-10T15:32:31Z",
"published": "2024-12-10T15:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52051"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
ICSA-24-347-02
Vulnerability from csaf_cisa - Published: 2024-12-10 00:00 - Updated: 2025-12-09 00:00Summary
Siemens Engineering Platforms
Notes
Summary: Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
Siemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter "Additional Information" below for more details.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Siemens ProductCERT SSA-392859 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CWE-20
- Improper Input Validation
Affected products
Known affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-PLCSIM V17
Siemens / SIMATIC S7-PLCSIM V17
|
vers:all/* |
None Available
|
|
|
SIMATIC S7-PLCSIM V18
Siemens / SIMATIC S7-PLCSIM V18
|
vers:all/* |
None Available
|
|
|
SIMATIC STEP 7 Safety V17
Siemens / SIMATIC STEP 7 Safety V17
|
<V17_Update_9 |
Vendor Fix
fix
|
|
|
SIMATIC STEP 7 Safety V18
Siemens / SIMATIC STEP 7 Safety V18
|
vers:all/* |
None Available
|
|
|
SIMATIC STEP 7 Safety V19
Siemens / SIMATIC STEP 7 Safety V19
|
<V19_Update_4 |
Vendor Fix
fix
|
|
|
SIMATIC STEP 7 V17
Siemens / SIMATIC STEP 7 V17
|
<V17_Update_9 |
Vendor Fix
fix
|
|
|
SIMATIC STEP 7 V18
Siemens / SIMATIC STEP 7 V18
|
vers:all/* |
None Available
|
|
|
SIMATIC STEP 7 V19
Siemens / SIMATIC STEP 7 V19
|
<V19_Update_4 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC Unified PC Runtime V18
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:all/* |
None Available
|
|
|
SIMATIC WinCC Unified PC Runtime V19
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
<V19_Update_4 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC Unified V17
Siemens / SIMATIC WinCC Unified V17
|
<V17_Update_9 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC Unified V18
Siemens / SIMATIC WinCC Unified V18
|
vers:all/* |
None Available
|
|
|
SIMATIC WinCC Unified V19
Siemens / SIMATIC WinCC Unified V19
|
<V19_Update_4 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC V17
Siemens / SIMATIC WinCC V17
|
<V17_Update_9 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC V18
Siemens / SIMATIC WinCC V18
|
vers:all/* |
None Available
|
|
|
SIMATIC WinCC V19
Siemens / SIMATIC WinCC V19
|
<V19_Update_4 |
Vendor Fix
fix
|
|
|
SIMOCODE ES V17
Siemens / SIMOCODE ES V17
|
vers:all/* |
None Available
|
|
|
SIMOCODE ES V18
Siemens / SIMOCODE ES V18
|
vers:all/* |
None Available
|
|
|
SIMOCODE ES V19
Siemens / SIMOCODE ES V19
|
vers:all/* |
None Available
|
|
|
SIMOTION SCOUT TIA V5.4
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:all/* |
None Available
|
|
|
SIMOTION SCOUT TIA V5.5
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:all/* |
None Available
|
|
|
SIMOTION SCOUT TIA V5.6
Siemens / SIMOTION SCOUT TIA V5.6
|
<V5.6_SP1_HF7 |
Vendor Fix
fix
|
|
|
SINAMICS Startdrive V17
Siemens / SINAMICS Startdrive V17
|
vers:all/* |
None Available
|
|
|
SINAMICS Startdrive V18
Siemens / SINAMICS Startdrive V18
|
vers:all/* |
None Available
|
|
|
SINAMICS Startdrive V19
Siemens / SINAMICS Startdrive V19
|
vers:all/* |
None Available
|
|
|
SIRIUS Safety ES V17 (TIA Portal)
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Safety ES V18 (TIA Portal)
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Safety ES V19 (TIA Portal)
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Soft Starter ES V17 (TIA Portal)
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Soft Starter ES V18 (TIA Portal)
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Soft Starter ES V19 (TIA Portal)
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
TIA Portal Cloud V17
Siemens / TIA Portal Cloud V17
|
vers:all/* |
None Available
|
|
|
TIA Portal Cloud V18
Siemens / TIA Portal Cloud V18
|
vers:all/* |
None Available
|
|
|
TIA Portal Cloud V19
Siemens / TIA Portal Cloud V19
|
vers:intdot/<5.2.1.1 |
Vendor Fix
|
References
10 references
Acknowledgments
Siemens ProductCERT
Elex Feigong Research Institute
Peter Cheng
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"names": [
"Peter Cheng"
],
"organization": "Elex Feigong Research Institute",
"summary": "reporting this vulnerability"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.\n\nSiemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter \"Additional Information\" below for more details.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-392859 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-392859.json"
},
{
"category": "self",
"summary": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-347-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-347-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-347-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens Engineering Platforms",
"tracking": {
"current_release_date": "2025-12-09T00:00:00.000000Z",
"generator": {
"date": "2025-12-11T21:03:11.292608Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-347-02",
"initial_release_date": "2024-12-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-12-10T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-12T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19; Name of SIMOTION SCOUT TIA V5.6 SP1 was updated to SIMOTION SCOUT TIA V5.6 and Name of SIMOTION SCOUT TIA V5.5 SP1 was updated to SIMOTION SCOUT TIA V5.5 and Name of SIMOTION SCOUT TIA V5.4 SP3 was updated to SIMOTION SCOUT TIA V5.4"
},
{
"date": "2025-12-09T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V17"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-PLCSIM V17",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-PLCSIM V18",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV17_Update_9",
"product": {
"name": "SIMATIC STEP 7 Safety V17",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 Safety V18",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV19_Update_4",
"product": {
"name": "SIMATIC STEP 7 Safety V19",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV17_Update_9",
"product": {
"name": "SIMATIC STEP 7 V17",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 V18",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV19_Update_4",
"product": {
"name": "SIMATIC STEP 7 V19",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC Unified PC Runtime V18",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV19_Update_4",
"product": {
"name": "SIMATIC WinCC Unified PC Runtime V19",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV17_Update_9",
"product": {
"name": "SIMATIC WinCC Unified V17",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC Unified V18",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV19_Update_4",
"product": {
"name": "SIMATIC WinCC Unified V19",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV17_Update_9",
"product": {
"name": "SIMATIC WinCC V17",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC V18",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV19_Update_4",
"product": {
"name": "SIMATIC WinCC V19",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V17",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V18",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V19",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOTION SCOUT TIA V5.4",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOTION SCOUT TIA V5.5",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.6_SP1_HF7",
"product": {
"name": "SIMOTION SCOUT TIA V5.6",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V17",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V18",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V19",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V17 (TIA Portal)",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V18 (TIA Portal)",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V19 (TIA Portal)",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V18 (TIA Portal)",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V19 (TIA Portal)",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "TIA Portal Cloud V17",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "TIA Portal Cloud V18",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c5.2.1.1",
"product": {
"name": "TIA Portal Cloud V19",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V19"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-52051",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004",
"CSAFPID-0007",
"CSAFPID-0009",
"CSAFPID-0012",
"CSAFPID-0015",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
]
},
{
"category": "vendor_fix",
"details": "Update to V17 Update 9 or later version",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0006",
"CSAFPID-0011",
"CSAFPID-0014"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
},
{
"category": "vendor_fix",
"details": "Update to V19 Update 4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0008",
"CSAFPID-0010",
"CSAFPID-0013",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
},
{
"category": "vendor_fix",
"details": "Update to V5.6 SP1 HF7 or later version",
"product_ids": [
"CSAFPID-0022"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109989067/"
},
{
"category": "vendor_fix",
"details": "TIA Portal Cloud V5.2.1.1 or later version updated TIA Portal to V19 Update 4 or later version",
"product_ids": [
"CSAFPID-0034"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034"
]
}
],
"title": "CVE-2024-52051"
}
]
}
NCSC-2024-0473
Vulnerability from csaf_ncscnl - Published: 2024-12-10 19:34 - Updated: 2024-12-10 19:34Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, RUGGEDCOM, SENTRON, SICAM, SIMATIC en TeamCenter.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Cross-Site-Scripting (XSS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-191: Integer Underflow (Wrap or Wraparound)
CWE-522: Insufficiently Protected Credentials
CWE-125: Out-of-bounds Read
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-502: Deserialization of Untrusted Data
CWE-611: Improper Restriction of XML External Entity Reference
CWE-122: Heap-based Buffer Overflow
CWE-121: Stack-based Buffer Overflow
CWE-20: Improper Input Validation
CWE-352
- Cross-Site Request Forgery (CSRF)
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ruggedcom_rox_mx5000
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_mx5000:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_mx5000re
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_mx5000re:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1400
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1400:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1500
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1500:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1501
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1501:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1510
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1510:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1511
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1511:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1512
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1512:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1524
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1524:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1536
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx1536:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx5000
siemens
|
cpe:2.3:a:siemens:ruggedcom_rox_rx5000:*:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_mx5000
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_mx5000re
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1400
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1500
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1501
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1510
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1511
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1512
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1524
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx1536
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*
|
— | |
|
ruggedcom_rox_rx5000
siemens
|
cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sentron_powercenter_1000__7kn1110-0mc00_
siemens
|
cpe:2.3:a:siemens:sentron_powercenter_1000__7kn1110-0mc00_:*:*:*:*:*:*:*:*
|
— | |
|
sentron_powercenter_1100__7kn1111-0mc00_
siemens
|
cpe:2.3:a:siemens:sentron_powercenter_1100__7kn1111-0mc00_:*:*:*:*:*:*:*:*
|
— |
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simcenter_nastran_2306
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2306:0:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2312
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2312:0:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2406
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2406:0:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2306
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2306:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2312
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2312:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2406
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2406:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_femap_v2306
siemens
|
cpe:2.3:a:siemens:simcenter_femap_v2306:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_femap_v2401
siemens
|
cpe:2.3:a:siemens:simcenter_femap_v2401:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_femap_v2406
siemens
|
cpe:2.3:a:siemens:simcenter_femap_v2406:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran
siemens
|
cpe:2.3:a:siemens:simcenter_nastran:*:*:*:*:*:*:*:*
|
— |
CWE-125
- Out-of-bounds Read
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simcenter_nastran_2306
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2306:0:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2312
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2312:0:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2406
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2406:0:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2306
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2306:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2312
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2312:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran_2406
siemens
|
cpe:2.3:a:siemens:simcenter_nastran_2406:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_femap_v2306
siemens
|
cpe:2.3:a:siemens:simcenter_femap_v2306:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_femap_v2401
siemens
|
cpe:2.3:a:siemens:simcenter_femap_v2401:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_femap_v2406
siemens
|
cpe:2.3:a:siemens:simcenter_femap_v2406:*:*:*:*:*:*:*:*
|
— | |
|
simcenter_nastran
siemens
|
cpe:2.3:a:siemens:simcenter_nastran:*:*:*:*:*:*:*:*
|
— |
CWE-611
- Improper Restriction of XML External Entity Reference
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
comos_v10.3
siemens
|
cpe:2.3:a:siemens:comos_v10.3:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.0
siemens
|
cpe:2.3:a:siemens:comos_v10.4.0:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.1
siemens
|
cpe:2.3:a:siemens:comos_v10.4.1:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.2
siemens
|
cpe:2.3:a:siemens:comos_v10.4.2:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.3
siemens
|
cpe:2.3:a:siemens:comos_v10.4.3:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.4
siemens
|
cpe:2.3:a:siemens:comos_v10.4.4:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.4.1
siemens
|
cpe:2.3:a:siemens:comos_v10.4.4.1:*:*:*:*:*:*:*:*
|
— | |
|
comos
siemens
|
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
|
— |
CWE-502
- Deserialization of Untrusted Data
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_step_7
siemens
|
cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es
siemens
|
cpe:2.3:a:siemens:sirius_safety_es:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-plcsim_v16
siemens
|
cpe:2.3:a:siemens:simatic_s7-plcsim_v16:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-plcsim_v17
siemens
|
cpe:2.3:a:siemens:simatic_s7-plcsim_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_safety_v16
siemens
|
cpe:2.3:a:siemens:simatic_step_7_safety_v16:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_safety_v17
siemens
|
cpe:2.3:a:siemens:simatic_step_7_safety_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_safety_v18
siemens
|
cpe:2.3:a:siemens:simatic_step_7_safety_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_safety_v19
siemens
|
cpe:2.3:a:siemens:simatic_step_7_safety_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_v16
siemens
|
cpe:2.3:a:siemens:simatic_step_7_v16:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_v17
siemens
|
cpe:2.3:a:siemens:simatic_step_7_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_v18
siemens
|
cpe:2.3:a:siemens:simatic_step_7_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_v19
siemens
|
cpe:2.3:a:siemens:simatic_step_7_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_v16
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_v16:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_v17
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v16
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v16:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v17
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v19:*:*:*:*:*:*:*:*
|
— | |
|
simocode_es_v16
siemens
|
cpe:2.3:a:siemens:simocode_es_v16:*:*:*:*:*:*:*:*
|
— | |
|
simocode_es_v17
siemens
|
cpe:2.3:a:siemens:simocode_es_v17:*:*:*:*:*:*:*:*
|
— | |
|
simocode_es_v18
siemens
|
cpe:2.3:a:siemens:simocode_es_v18:*:*:*:*:*:*:*:*
|
— | |
|
simocode_es_v19
siemens
|
cpe:2.3:a:siemens:simocode_es_v19:*:*:*:*:*:*:*:*
|
— | |
|
simotion_scout_tia_v5.4_sp1
siemens
|
cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp1:*:*:*:*:*:*:*:*
|
— | |
|
simotion_scout_tia_v5.4_sp3
siemens
|
cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp3:*:*:*:*:*:*:*:*
|
— | |
|
simotion_scout_tia_v5.5_sp1
siemens
|
cpe:2.3:a:siemens:simotion_scout_tia_v5.5_sp1:*:*:*:*:*:*:*:*
|
— | |
|
simotion_scout_tia_v5.6_sp1
siemens
|
cpe:2.3:a:siemens:simotion_scout_tia_v5.6_sp1:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive_v16
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive_v16:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive_v17
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive_v17:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive_v18
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive_v18:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive_v19
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive_v19:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es_v17__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_safety_es_v17__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es_v18__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_safety_es_v18__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es_v19__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_safety_es_v19__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_soft_starter_es_v17__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_soft_starter_es_v17__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_soft_starter_es_v18__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_soft_starter_es_v18__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_soft_starter_es_v19__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_soft_starter_es_v19__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud_v16
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud_v16:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud_v17
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud_v17:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud_v18
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud_v18:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud_v19
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud_v19:*:*:*:*:*:*:*:*
|
— |
CWE-20
- Improper Input Validation
Affected products
Known affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_step_7
siemens
|
cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es
siemens
|
cpe:2.3:a:siemens:sirius_safety_es:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-plcsim_v17
siemens
|
cpe:2.3:a:siemens:simatic_s7-plcsim_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-plcsim_v18
siemens
|
cpe:2.3:a:siemens:simatic_s7-plcsim_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_safety_v17
siemens
|
cpe:2.3:a:siemens:simatic_step_7_safety_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_safety_v18
siemens
|
cpe:2.3:a:siemens:simatic_step_7_safety_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_safety_v19
siemens
|
cpe:2.3:a:siemens:simatic_step_7_safety_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_v17
siemens
|
cpe:2.3:a:siemens:simatic_step_7_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_v18
siemens
|
cpe:2.3:a:siemens:simatic_step_7_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_step_7_v19
siemens
|
cpe:2.3:a:siemens:simatic_step_7_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_pc_runtime_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_pc_runtime_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_v17
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_unified_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_unified_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v17
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v19:*:*:*:*:*:*:*:*
|
— | |
|
simocode_es_v17
siemens
|
cpe:2.3:a:siemens:simocode_es_v17:*:*:*:*:*:*:*:*
|
— | |
|
simocode_es_v18
siemens
|
cpe:2.3:a:siemens:simocode_es_v18:*:*:*:*:*:*:*:*
|
— | |
|
simocode_es_v19
siemens
|
cpe:2.3:a:siemens:simocode_es_v19:*:*:*:*:*:*:*:*
|
— | |
|
simotion_scout_tia_v5.4_sp3
siemens
|
cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp3:*:*:*:*:*:*:*:*
|
— | |
|
simotion_scout_tia_v5.5_sp1
siemens
|
cpe:2.3:a:siemens:simotion_scout_tia_v5.5_sp1:*:*:*:*:*:*:*:*
|
— | |
|
simotion_scout_tia_v5.6_sp1
siemens
|
cpe:2.3:a:siemens:simotion_scout_tia_v5.6_sp1:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive_v17
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive_v17:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive_v18
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive_v18:*:*:*:*:*:*:*:*
|
— | |
|
sinamics_startdrive_v19
siemens
|
cpe:2.3:a:siemens:sinamics_startdrive_v19:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es_v17__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_safety_es_v17__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es_v18__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_safety_es_v18__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_safety_es_v19__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_safety_es_v19__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_soft_starter_es_v17__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_soft_starter_es_v17__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_soft_starter_es_v18__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_soft_starter_es_v18__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
sirius_soft_starter_es_v19__tia_portal_
siemens
|
cpe:2.3:a:siemens:sirius_soft_starter_es_v19__tia_portal_:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud_v17
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud_v17:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud_v18
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud_v18:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal_cloud_v19
siemens
|
cpe:2.3:a:siemens:tia_portal_cloud_v19:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2406
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*
|
— |
CWE-121
- Stack-based Buffer Overflow
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
teamcenter_visualization
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— |
CWE-125
- Out-of-bounds Read
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
teamcenter_visualization
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.2
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v14.3
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*
|
— | |
|
teamcenter_visualization_v2312
siemens
|
cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— |
4.6 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
cpci85_central_processing_communication
siemens
|
cpe:2.3:a:siemens:cpci85_central_processing_communication:*:*:*:*:*:*:*:*
|
— |
CWE-611
- Improper Restriction of XML External Entity Reference
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
comos
siemens
|
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.3
siemens
|
cpe:2.3:a:siemens:comos_v10.3:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.0
siemens
|
cpe:2.3:a:siemens:comos_v10.4.0:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.1
siemens
|
cpe:2.3:a:siemens:comos_v10.4.1:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.2
siemens
|
cpe:2.3:a:siemens:comos_v10.4.2:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.3
siemens
|
cpe:2.3:a:siemens:comos_v10.4.3:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.4
siemens
|
cpe:2.3:a:siemens:comos_v10.4.4:*:*:*:*:*:*:*:*
|
— | |
|
comos_v10.4.4.1
siemens
|
cpe:2.3:a:siemens:comos_v10.4.4.1:*:*:*:*:*:*:*:*
|
— |
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
solid_edge_se2024
siemens
|
cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*
|
— |
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
solid_edge_se2024
siemens
|
cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
solid_edge_se2024
siemens
|
cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*
|
— |
References
48 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, RUGGEDCOM, SENTRON, SICAM, SIMATIC en TeamCenter.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Cross-Site-Scripting (XSS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-128393.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-384652.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-392859.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620799.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-645131.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701627.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-730188.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-800126.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-881356.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979056.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2024-12-10T19:34:53.515240Z",
"id": "NCSC-2024-0473",
"initial_release_date": "2024-12-10T19:34:53.515240Z",
"revision_history": [
{
"date": "2024-12-10T19:34:53.515240Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "comos",
"product": {
"name": "comos",
"product_id": "CSAFPID-396548",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "comos_v10.3",
"product": {
"name": "comos_v10.3",
"product_id": "CSAFPID-1702511",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos_v10.3:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "comos_v10.4.0",
"product": {
"name": "comos_v10.4.0",
"product_id": "CSAFPID-1741068",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos_v10.4.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "comos_v10.4.1",
"product": {
"name": "comos_v10.4.1",
"product_id": "CSAFPID-1741069",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos_v10.4.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "comos_v10.4.2",
"product": {
"name": "comos_v10.4.2",
"product_id": "CSAFPID-1741070",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos_v10.4.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "comos_v10.4.3",
"product": {
"name": "comos_v10.4.3",
"product_id": "CSAFPID-1741071",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos_v10.4.3:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "comos_v10.4.4.1",
"product": {
"name": "comos_v10.4.4.1",
"product_id": "CSAFPID-1741073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos_v10.4.4.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "comos_v10.4.4",
"product": {
"name": "comos_v10.4.4",
"product_id": "CSAFPID-1741072",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:comos_v10.4.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1478257",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741127",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741144",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741145",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741146",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741128",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741147",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.20:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741148",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.21:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741149",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741150",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741151",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741152",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.25:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741153",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741154",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.27:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741155",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.28:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.29:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741129",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741130",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741131",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741134",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741135",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cpci85_central_processing_communication",
"product": {
"name": "cpci85_central_processing_communication",
"product_id": "CSAFPID-1741136",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:cpci85_central_processing_communication:05.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_mx5000",
"product": {
"name": "ruggedcom_rox_mx5000",
"product_id": "CSAFPID-1613204",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_mx5000:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_mx5000",
"product": {
"name": "ruggedcom_rox_mx5000",
"product_id": "CSAFPID-1741083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_mx5000:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_mx5000re",
"product": {
"name": "ruggedcom_rox_mx5000re",
"product_id": "CSAFPID-1613205",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_mx5000re:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_mx5000re",
"product": {
"name": "ruggedcom_rox_mx5000re",
"product_id": "CSAFPID-1741084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_mx5000re:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1400",
"product": {
"name": "ruggedcom_rox_rx1400",
"product_id": "CSAFPID-1613206",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1400:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1400",
"product": {
"name": "ruggedcom_rox_rx1400",
"product_id": "CSAFPID-1741085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1400:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1500",
"product": {
"name": "ruggedcom_rox_rx1500",
"product_id": "CSAFPID-1613207",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1500:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1500",
"product": {
"name": "ruggedcom_rox_rx1500",
"product_id": "CSAFPID-1741086",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1500:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1501",
"product": {
"name": "ruggedcom_rox_rx1501",
"product_id": "CSAFPID-1613208",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1501:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1501",
"product": {
"name": "ruggedcom_rox_rx1501",
"product_id": "CSAFPID-1741087",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1501:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1510",
"product": {
"name": "ruggedcom_rox_rx1510",
"product_id": "CSAFPID-1613209",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1510:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1510",
"product": {
"name": "ruggedcom_rox_rx1510",
"product_id": "CSAFPID-1741088",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1510:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1511",
"product": {
"name": "ruggedcom_rox_rx1511",
"product_id": "CSAFPID-1613210",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1511:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1511",
"product": {
"name": "ruggedcom_rox_rx1511",
"product_id": "CSAFPID-1741089",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1511:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1512",
"product": {
"name": "ruggedcom_rox_rx1512",
"product_id": "CSAFPID-1613211",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1512:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1512",
"product": {
"name": "ruggedcom_rox_rx1512",
"product_id": "CSAFPID-1741090",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1512:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1524",
"product": {
"name": "ruggedcom_rox_rx1524",
"product_id": "CSAFPID-1613212",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1524:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1524",
"product": {
"name": "ruggedcom_rox_rx1524",
"product_id": "CSAFPID-1741091",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1524:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1536",
"product": {
"name": "ruggedcom_rox_rx1536",
"product_id": "CSAFPID-1613213",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1536:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1536",
"product": {
"name": "ruggedcom_rox_rx1536",
"product_id": "CSAFPID-1741092",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx1536:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx5000",
"product": {
"name": "ruggedcom_rox_rx5000",
"product_id": "CSAFPID-1613214",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx5000:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx5000",
"product": {
"name": "ruggedcom_rox_rx5000",
"product_id": "CSAFPID-1741093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ruggedcom_rox_rx5000:2.15.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sentron_powercenter_1000__7kn1110-0mc00_",
"product": {
"name": "sentron_powercenter_1000__7kn1110-0mc00_",
"product_id": "CSAFPID-1666785",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sentron_powercenter_1000__7kn1110-0mc00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sentron_powercenter_1100__7kn1111-0mc00_",
"product": {
"name": "sentron_powercenter_1100__7kn1111-0mc00_",
"product_id": "CSAFPID-1741465",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sentron_powercenter_1100__7kn1111-0mc00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-plcsim",
"product": {
"name": "simatic_s7-plcsim",
"product_id": "CSAFPID-588822",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-plcsim_v16",
"product": {
"name": "simatic_s7-plcsim_v16",
"product_id": "CSAFPID-1712825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-plcsim_v17",
"product": {
"name": "simatic_s7-plcsim_v17",
"product_id": "CSAFPID-1712826",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-plcsim_v18",
"product": {
"name": "simatic_s7-plcsim_v18",
"product_id": "CSAFPID-1741189",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-plcsim_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7",
"product": {
"name": "simatic_step_7",
"product_id": "CSAFPID-99097",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_safety",
"product": {
"name": "simatic_step_7_safety",
"product_id": "CSAFPID-1713198",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_safety:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_safety_v16",
"product": {
"name": "simatic_step_7_safety_v16",
"product_id": "CSAFPID-1703190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_safety_v17",
"product": {
"name": "simatic_step_7_safety_v17",
"product_id": "CSAFPID-1703191",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_safety_v18",
"product": {
"name": "simatic_step_7_safety_v18",
"product_id": "CSAFPID-1500667",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_safety_v19",
"product": {
"name": "simatic_step_7_safety_v19",
"product_id": "CSAFPID-1741175",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_safety_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_v16",
"product": {
"name": "simatic_step_7_v16",
"product_id": "CSAFPID-1703187",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_v17",
"product": {
"name": "simatic_step_7_v17",
"product_id": "CSAFPID-1703188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_v18",
"product": {
"name": "simatic_step_7_v18",
"product_id": "CSAFPID-1703189",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_step_7_v19",
"product": {
"name": "simatic_step_7_v19",
"product_id": "CSAFPID-1741176",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_step_7_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-75563",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_unified",
"product": {
"name": "simatic_wincc_unified",
"product_id": "CSAFPID-1713199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_unified:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_unified_pc_runtime_v18",
"product": {
"name": "simatic_wincc_unified_pc_runtime_v18",
"product_id": "CSAFPID-1637854",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_unified_pc_runtime_v19",
"product": {
"name": "simatic_wincc_unified_pc_runtime_v19",
"product_id": "CSAFPID-1741190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_unified_v16",
"product": {
"name": "simatic_wincc_unified_v16",
"product_id": "CSAFPID-1703192",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_unified_v17",
"product": {
"name": "simatic_wincc_unified_v17",
"product_id": "CSAFPID-1703193",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_unified_v18",
"product": {
"name": "simatic_wincc_unified_v18",
"product_id": "CSAFPID-1703194",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_unified_v19",
"product": {
"name": "simatic_wincc_unified_v19",
"product_id": "CSAFPID-1741177",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_unified_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v16",
"product": {
"name": "simatic_wincc_v16",
"product_id": "CSAFPID-1702687",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v17",
"product": {
"name": "simatic_wincc_v17",
"product_id": "CSAFPID-1702688",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v18",
"product": {
"name": "simatic_wincc_v18",
"product_id": "CSAFPID-1703195",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v19",
"product": {
"name": "simatic_wincc_v19",
"product_id": "CSAFPID-1741178",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_femap_v2306",
"product": {
"name": "simcenter_femap_v2306",
"product_id": "CSAFPID-1703072",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_femap_v2306:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_femap_v2401",
"product": {
"name": "simcenter_femap_v2401",
"product_id": "CSAFPID-1741172",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_femap_v2401:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_femap_v2406",
"product": {
"name": "simcenter_femap_v2406",
"product_id": "CSAFPID-1741173",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_femap_v2406:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran",
"product": {
"name": "simcenter_nastran",
"product_id": "CSAFPID-1741174",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran",
"product": {
"name": "simcenter_nastran",
"product_id": "CSAFPID-1676184",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran:2306.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran",
"product": {
"name": "simcenter_nastran",
"product_id": "CSAFPID-1676183",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran:2312.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran",
"product": {
"name": "simcenter_nastran",
"product_id": "CSAFPID-1676182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran:2406.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran",
"product": {
"name": "simcenter_nastran",
"product_id": "CSAFPID-1741231",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran:2406.5000:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran_2306",
"product": {
"name": "simcenter_nastran_2306",
"product_id": "CSAFPID-1504458",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran_2306:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran_2306",
"product": {
"name": "simcenter_nastran_2306",
"product_id": "CSAFPID-1478981",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran_2306:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran_2312",
"product": {
"name": "simcenter_nastran_2312",
"product_id": "CSAFPID-1504457",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran_2312:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran_2312",
"product": {
"name": "simcenter_nastran_2312",
"product_id": "CSAFPID-1478982",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran_2312:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran_2406",
"product": {
"name": "simcenter_nastran_2406",
"product_id": "CSAFPID-1504459",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran_2406:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simcenter_nastran_2406",
"product": {
"name": "simcenter_nastran_2406",
"product_id": "CSAFPID-1478983",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simcenter_nastran_2406:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simocode_es",
"product": {
"name": "simocode_es",
"product_id": "CSAFPID-1713200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simocode_es_v16",
"product": {
"name": "simocode_es_v16",
"product_id": "CSAFPID-1702694",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simocode_es_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simocode_es_v17",
"product": {
"name": "simocode_es_v17",
"product_id": "CSAFPID-1703196",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simocode_es_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simocode_es_v18",
"product": {
"name": "simocode_es_v18",
"product_id": "CSAFPID-1703197",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simocode_es_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simocode_es_v19",
"product": {
"name": "simocode_es_v19",
"product_id": "CSAFPID-1741179",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simocode_es_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simotion_scout_tia",
"product": {
"name": "simotion_scout_tia",
"product_id": "CSAFPID-1713201",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simotion_scout_tia:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simotion_scout_tia_v5.4_sp1",
"product": {
"name": "simotion_scout_tia_v5.4_sp1",
"product_id": "CSAFPID-1703198",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simotion_scout_tia_v5.4_sp3",
"product": {
"name": "simotion_scout_tia_v5.4_sp3",
"product_id": "CSAFPID-1703199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.4_sp3:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simotion_scout_tia_v5.5_sp1",
"product": {
"name": "simotion_scout_tia_v5.5_sp1",
"product_id": "CSAFPID-1703200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.5_sp1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simotion_scout_tia_v5.6_sp1",
"product": {
"name": "simotion_scout_tia_v5.6_sp1",
"product_id": "CSAFPID-1741180",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simotion_scout_tia_v5.6_sp1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinamics_startdrive",
"product": {
"name": "sinamics_startdrive",
"product_id": "CSAFPID-1625341",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinamics_startdrive:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinamics_startdrive_v16",
"product": {
"name": "sinamics_startdrive_v16",
"product_id": "CSAFPID-1703201",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinamics_startdrive_v17",
"product": {
"name": "sinamics_startdrive_v17",
"product_id": "CSAFPID-1703202",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinamics_startdrive_v18",
"product": {
"name": "sinamics_startdrive_v18",
"product_id": "CSAFPID-1703203",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinamics_startdrive_v19",
"product": {
"name": "sinamics_startdrive_v19",
"product_id": "CSAFPID-1741181",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinamics_startdrive_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sirius_safety_es",
"product": {
"name": "sirius_safety_es",
"product_id": "CSAFPID-1713202",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sirius_safety_es:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sirius_safety_es_v17__tia_portal_",
"product": {
"name": "sirius_safety_es_v17__tia_portal_",
"product_id": "CSAFPID-1741182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sirius_safety_es_v17__tia_portal_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sirius_safety_es_v18__tia_portal_",
"product": {
"name": "sirius_safety_es_v18__tia_portal_",
"product_id": "CSAFPID-1741183",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sirius_safety_es_v18__tia_portal_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sirius_safety_es_v19__tia_portal_",
"product": {
"name": "sirius_safety_es_v19__tia_portal_",
"product_id": "CSAFPID-1741184",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sirius_safety_es_v19__tia_portal_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sirius_soft_starter_es_v17__tia_portal_",
"product": {
"name": "sirius_soft_starter_es_v17__tia_portal_",
"product_id": "CSAFPID-1741185",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sirius_soft_starter_es_v17__tia_portal_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sirius_soft_starter_es_v18__tia_portal_",
"product": {
"name": "sirius_soft_starter_es_v18__tia_portal_",
"product_id": "CSAFPID-1741186",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sirius_soft_starter_es_v18__tia_portal_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sirius_soft_starter_es_v19__tia_portal_",
"product": {
"name": "sirius_soft_starter_es_v19__tia_portal_",
"product_id": "CSAFPID-1741187",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sirius_soft_starter_es_v19__tia_portal_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "solid_edge_se2024",
"product": {
"name": "solid_edge_se2024",
"product_id": "CSAFPID-1680248",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "solid_edge_se2024",
"product": {
"name": "solid_edge_se2024",
"product_id": "CSAFPID-1741081",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_10:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "solid_edge_se2024",
"product": {
"name": "solid_edge_se2024",
"product_id": "CSAFPID-1741082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_4:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "teamcenter_visualization",
"product": {
"name": "teamcenter_visualization",
"product_id": "CSAFPID-342619",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "teamcenter_visualization_v14.2",
"product": {
"name": "teamcenter_visualization_v14.2",
"product_id": "CSAFPID-1615270",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:teamcenter_visualization_v14.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "teamcenter_visualization_v14.3",
"product": {
"name": "teamcenter_visualization_v14.3",
"product_id": "CSAFPID-1615271",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:teamcenter_visualization_v14.3:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "teamcenter_visualization_v2312",
"product": {
"name": "teamcenter_visualization_v2312",
"product_id": "CSAFPID-1615272",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:teamcenter_visualization_v2312:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "teamcenter_visualization_v2406",
"product": {
"name": "teamcenter_visualization_v2406",
"product_id": "CSAFPID-1666832",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:teamcenter_visualization_v2406:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-166120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1220770",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1741221",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2302.0016:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1727493",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2302.0018:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-820358",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2302.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1673843",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2303.0000:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1676081",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2403.0000:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1741220",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2404.0005:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1727496",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2404.0007:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1643856",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2404.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1727495",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:v2302.0018:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation",
"product": {
"name": "tecnomatix_plant_simulation",
"product_id": "CSAFPID-1727494",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:v2404.0007:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1637816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1465025",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1637817",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1476361",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_cloud",
"product": {
"name": "tia_portal_cloud",
"product_id": "CSAFPID-1713204",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_cloud:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_cloud_v16",
"product": {
"name": "tia_portal_cloud_v16",
"product_id": "CSAFPID-1712827",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_cloud_v17",
"product": {
"name": "tia_portal_cloud_v17",
"product_id": "CSAFPID-1712828",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_cloud_v18",
"product": {
"name": "tia_portal_cloud_v18",
"product_id": "CSAFPID-1712829",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_cloud_v19",
"product": {
"name": "tia_portal_cloud_v19",
"product_id": "CSAFPID-1741188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_cloud_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_mx5000",
"product": {
"name": "ruggedcom_rox_mx5000",
"product_id": "CSAFPID-77041",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_mx5000re",
"product": {
"name": "ruggedcom_rox_mx5000re",
"product_id": "CSAFPID-540801",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1400",
"product": {
"name": "ruggedcom_rox_rx1400",
"product_id": "CSAFPID-77038",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1500",
"product": {
"name": "ruggedcom_rox_rx1500",
"product_id": "CSAFPID-77043",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1501",
"product": {
"name": "ruggedcom_rox_rx1501",
"product_id": "CSAFPID-77042",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1510",
"product": {
"name": "ruggedcom_rox_rx1510",
"product_id": "CSAFPID-77035",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1511",
"product": {
"name": "ruggedcom_rox_rx1511",
"product_id": "CSAFPID-77039",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1512",
"product": {
"name": "ruggedcom_rox_rx1512",
"product_id": "CSAFPID-77037",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1524",
"product": {
"name": "ruggedcom_rox_rx1524",
"product_id": "CSAFPID-77040",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx1536",
"product": {
"name": "ruggedcom_rox_rx1536",
"product_id": "CSAFPID-77036",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "ruggedcom_rox_rx5000",
"product": {
"name": "ruggedcom_rox_rx5000",
"product_id": "CSAFPID-77034",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28398",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1613204",
"CSAFPID-1613205",
"CSAFPID-1613206",
"CSAFPID-1613207",
"CSAFPID-1613208",
"CSAFPID-1613209",
"CSAFPID-1613210",
"CSAFPID-1613211",
"CSAFPID-1613212",
"CSAFPID-1613213",
"CSAFPID-1613214",
"CSAFPID-77041",
"CSAFPID-540801",
"CSAFPID-77038",
"CSAFPID-77043",
"CSAFPID-77042",
"CSAFPID-77035",
"CSAFPID-77039",
"CSAFPID-77037",
"CSAFPID-77040",
"CSAFPID-77036",
"CSAFPID-77034"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-28398",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-28398.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1613204",
"CSAFPID-1613205",
"CSAFPID-1613206",
"CSAFPID-1613207",
"CSAFPID-1613208",
"CSAFPID-1613209",
"CSAFPID-1613210",
"CSAFPID-1613211",
"CSAFPID-1613212",
"CSAFPID-1613213",
"CSAFPID-1613214",
"CSAFPID-77041",
"CSAFPID-540801",
"CSAFPID-77038",
"CSAFPID-77043",
"CSAFPID-77042",
"CSAFPID-77035",
"CSAFPID-77039",
"CSAFPID-77037",
"CSAFPID-77040",
"CSAFPID-77036",
"CSAFPID-77034"
]
}
],
"title": "CVE-2020-28398"
},
{
"cve": "CVE-2024-6657",
"cwe": {
"id": "CWE-821",
"name": "Incorrect Synchronization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Synchronization",
"title": "CWE-821"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1666785",
"CSAFPID-1741465"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6657",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6657.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1666785",
"CSAFPID-1741465"
]
}
],
"title": "CVE-2024-6657"
},
{
"cve": "CVE-2024-41981",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1478981",
"CSAFPID-1478982",
"CSAFPID-1478983",
"CSAFPID-1504458",
"CSAFPID-1504457",
"CSAFPID-1504459",
"CSAFPID-1703072",
"CSAFPID-1741172",
"CSAFPID-1741173",
"CSAFPID-1741174"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41981",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41981.json"
}
],
"title": "CVE-2024-41981"
},
{
"cve": "CVE-2024-45463",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45463",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45463.json"
}
],
"title": "CVE-2024-45463"
},
{
"cve": "CVE-2024-45464",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45464",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45464.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
}
],
"title": "CVE-2024-45464"
},
{
"cve": "CVE-2024-45465",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45465",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45465.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
}
],
"title": "CVE-2024-45465"
},
{
"cve": "CVE-2024-45466",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45466",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45466.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
}
],
"title": "CVE-2024-45466"
},
{
"cve": "CVE-2024-45467",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45467",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45467.json"
}
],
"title": "CVE-2024-45467"
},
{
"cve": "CVE-2024-45468",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45468",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45468.json"
}
],
"title": "CVE-2024-45468"
},
{
"cve": "CVE-2024-45469",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45469",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45469.json"
}
],
"title": "CVE-2024-45469"
},
{
"cve": "CVE-2024-45470",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45470",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45470.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
}
],
"title": "CVE-2024-45470"
},
{
"cve": "CVE-2024-45471",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45471",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45471.json"
}
],
"title": "CVE-2024-45471"
},
{
"cve": "CVE-2024-45472",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45472",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45472.json"
}
],
"title": "CVE-2024-45472"
},
{
"cve": "CVE-2024-45473",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45473",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45473.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
}
],
"title": "CVE-2024-45473"
},
{
"cve": "CVE-2024-45474",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45474",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45474.json"
}
],
"title": "CVE-2024-45474"
},
{
"cve": "CVE-2024-45475",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45475",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45475.json"
}
],
"title": "CVE-2024-45475"
},
{
"cve": "CVE-2024-45476",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45476",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45476.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272"
]
}
],
"title": "CVE-2024-45476"
},
{
"cve": "CVE-2024-47046",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1478981",
"CSAFPID-1478982",
"CSAFPID-1478983",
"CSAFPID-1504458",
"CSAFPID-1504457",
"CSAFPID-1504459",
"CSAFPID-1703072",
"CSAFPID-1741172",
"CSAFPID-1741173",
"CSAFPID-1741174"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47046",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47046.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1478981",
"CSAFPID-1478982",
"CSAFPID-1478983",
"CSAFPID-1504458",
"CSAFPID-1504457",
"CSAFPID-1504459",
"CSAFPID-1703072",
"CSAFPID-1741172",
"CSAFPID-1741173",
"CSAFPID-1741174"
]
}
],
"title": "CVE-2024-47046"
},
{
"cve": "CVE-2024-49704",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1702511",
"CSAFPID-1741068",
"CSAFPID-1741069",
"CSAFPID-1741070",
"CSAFPID-1741071",
"CSAFPID-1741072",
"CSAFPID-1741073",
"CSAFPID-396548"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49704",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49704.json"
}
],
"title": "CVE-2024-49704"
},
{
"cve": "CVE-2024-49849",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-99097",
"CSAFPID-75563",
"CSAFPID-1713199",
"CSAFPID-1625341",
"CSAFPID-1713202",
"CSAFPID-1713204",
"CSAFPID-1712825",
"CSAFPID-1712826",
"CSAFPID-1703190",
"CSAFPID-1703191",
"CSAFPID-1500667",
"CSAFPID-1741175",
"CSAFPID-1703187",
"CSAFPID-1703188",
"CSAFPID-1703189",
"CSAFPID-1741176",
"CSAFPID-1703192",
"CSAFPID-1703193",
"CSAFPID-1703194",
"CSAFPID-1741177",
"CSAFPID-1702687",
"CSAFPID-1702688",
"CSAFPID-1703195",
"CSAFPID-1741178",
"CSAFPID-1702694",
"CSAFPID-1703196",
"CSAFPID-1703197",
"CSAFPID-1741179",
"CSAFPID-1703198",
"CSAFPID-1703199",
"CSAFPID-1703200",
"CSAFPID-1741180",
"CSAFPID-1703201",
"CSAFPID-1703202",
"CSAFPID-1703203",
"CSAFPID-1741181",
"CSAFPID-1741182",
"CSAFPID-1741183",
"CSAFPID-1741184",
"CSAFPID-1741185",
"CSAFPID-1741186",
"CSAFPID-1741187",
"CSAFPID-1712827",
"CSAFPID-1712828",
"CSAFPID-1712829",
"CSAFPID-1741188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-49849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49849.json"
}
],
"title": "CVE-2024-49849"
},
{
"cve": "CVE-2024-52051",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-99097",
"CSAFPID-75563",
"CSAFPID-1713199",
"CSAFPID-1625341",
"CSAFPID-1713202",
"CSAFPID-1713204",
"CSAFPID-1712826",
"CSAFPID-1741189",
"CSAFPID-1703191",
"CSAFPID-1500667",
"CSAFPID-1741175",
"CSAFPID-1703188",
"CSAFPID-1703189",
"CSAFPID-1741176",
"CSAFPID-1637854",
"CSAFPID-1741190",
"CSAFPID-1703193",
"CSAFPID-1703194",
"CSAFPID-1741177",
"CSAFPID-1702688",
"CSAFPID-1703195",
"CSAFPID-1741178",
"CSAFPID-1703196",
"CSAFPID-1703197",
"CSAFPID-1741179",
"CSAFPID-1703199",
"CSAFPID-1703200",
"CSAFPID-1741180",
"CSAFPID-1703202",
"CSAFPID-1703203",
"CSAFPID-1741181",
"CSAFPID-1741182",
"CSAFPID-1741183",
"CSAFPID-1741184",
"CSAFPID-1741185",
"CSAFPID-1741186",
"CSAFPID-1741187",
"CSAFPID-1712828",
"CSAFPID-1712829",
"CSAFPID-1741188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52051",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52051.json"
}
],
"title": "CVE-2024-52051"
},
{
"cve": "CVE-2024-52565",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52565",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52565.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52565"
},
{
"cve": "CVE-2024-52566",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52566",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52566.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52566"
},
{
"cve": "CVE-2024-52567",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1220770",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52567",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52567.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1220770",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52567"
},
{
"cve": "CVE-2024-52568",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1220770",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52568",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52568.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1220770",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52568"
},
{
"cve": "CVE-2024-52569",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52569",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52569.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52569"
},
{
"cve": "CVE-2024-52570",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52570",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52570.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-1220770",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52570"
},
{
"cve": "CVE-2024-52571",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52571",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52571"
},
{
"cve": "CVE-2024-52572",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52572",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52572.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52572"
},
{
"cve": "CVE-2024-52573",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52573",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52573.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52573"
},
{
"cve": "CVE-2024-52574",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52574",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52574.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637816",
"CSAFPID-1637817",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1666832"
]
}
],
"title": "CVE-2024-52574"
},
{
"cve": "CVE-2024-53041",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-342619",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53041",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53041.json"
}
],
"title": "CVE-2024-53041"
},
{
"cve": "CVE-2024-53242",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-342619",
"CSAFPID-166120",
"CSAFPID-1615270",
"CSAFPID-1615271",
"CSAFPID-1615272",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53242",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53242.json"
}
],
"title": "CVE-2024-53242"
},
{
"cve": "CVE-2024-53832",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "other",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1478257"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53832",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53832.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1478257"
]
}
],
"title": "CVE-2024-53832"
},
{
"cve": "CVE-2024-54005",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-396548",
"CSAFPID-1702511",
"CSAFPID-1741068",
"CSAFPID-1741069",
"CSAFPID-1741070",
"CSAFPID-1741071",
"CSAFPID-1741072",
"CSAFPID-1741073"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54005",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54005.json"
}
],
"title": "CVE-2024-54005"
},
{
"cve": "CVE-2024-54093",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1680248"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54093",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54093.json"
}
],
"title": "CVE-2024-54093"
},
{
"cve": "CVE-2024-54094",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1680248"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54094",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54094.json"
}
],
"title": "CVE-2024-54094"
},
{
"cve": "CVE-2024-54095",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1680248"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54095",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54095.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1680248"
]
}
],
"title": "CVE-2024-54095"
}
]
}
SSA-392859
Vulnerability from csaf_siemens - Published: 2024-12-10 00:00 - Updated: 2025-12-09 00:00Summary
SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20
Notes
Summary: Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
Siemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter "Additional Information" below for more details.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
CWE-20
- Improper Input Validation
Affected products
Known affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC S7-PLCSIM V17
Siemens / SIMATIC S7-PLCSIM V17
|
vers:all/* |
None Available
|
|
|
SIMATIC S7-PLCSIM V18
Siemens / SIMATIC S7-PLCSIM V18
|
vers:all/* |
None Available
|
|
|
SIMATIC STEP 7 Safety V17
Siemens / SIMATIC STEP 7 Safety V17
|
All versions < V17 Update 9 |
Vendor Fix
fix
|
|
|
SIMATIC STEP 7 Safety V18
Siemens / SIMATIC STEP 7 Safety V18
|
vers:all/* |
None Available
|
|
|
SIMATIC STEP 7 Safety V19
Siemens / SIMATIC STEP 7 Safety V19
|
All versions < V19 Update 4 |
Vendor Fix
fix
|
|
|
SIMATIC STEP 7 V17
Siemens / SIMATIC STEP 7 V17
|
All versions < V17 Update 9 |
Vendor Fix
fix
|
|
|
SIMATIC STEP 7 V18
Siemens / SIMATIC STEP 7 V18
|
vers:all/* |
None Available
|
|
|
SIMATIC STEP 7 V19
Siemens / SIMATIC STEP 7 V19
|
All versions < V19 Update 4 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC Unified PC Runtime V18
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
vers:all/* |
None Available
|
|
|
SIMATIC WinCC Unified PC Runtime V19
Siemens / SIMATIC WinCC Unified PC Runtime V19
|
All versions < V19 Update 4 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC Unified V17
Siemens / SIMATIC WinCC Unified V17
|
All versions < V17 Update 9 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC Unified V18
Siemens / SIMATIC WinCC Unified V18
|
vers:all/* |
None Available
|
|
|
SIMATIC WinCC Unified V19
Siemens / SIMATIC WinCC Unified V19
|
All versions < V19 Update 4 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC V17
Siemens / SIMATIC WinCC V17
|
All versions < V17 Update 9 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC V18
Siemens / SIMATIC WinCC V18
|
vers:all/* |
None Available
|
|
|
SIMATIC WinCC V19
Siemens / SIMATIC WinCC V19
|
All versions < V19 Update 4 |
Vendor Fix
fix
|
|
|
SIMOCODE ES V17
Siemens / SIMOCODE ES V17
|
vers:all/* |
None Available
|
|
|
SIMOCODE ES V18
Siemens / SIMOCODE ES V18
|
vers:all/* |
None Available
|
|
|
SIMOCODE ES V19
Siemens / SIMOCODE ES V19
|
vers:all/* |
None Available
|
|
|
SIMOTION SCOUT TIA V5.4
Siemens / SIMOTION SCOUT TIA V5.4
|
vers:all/* |
None Available
|
|
|
SIMOTION SCOUT TIA V5.5
Siemens / SIMOTION SCOUT TIA V5.5
|
vers:all/* |
None Available
|
|
|
SIMOTION SCOUT TIA V5.6
Siemens / SIMOTION SCOUT TIA V5.6
|
All versions < V5.6 SP1 HF7 |
Vendor Fix
fix
|
|
|
SINAMICS Startdrive V17
Siemens / SINAMICS Startdrive V17
|
vers:all/* |
None Available
|
|
|
SINAMICS Startdrive V18
Siemens / SINAMICS Startdrive V18
|
vers:all/* |
None Available
|
|
|
SINAMICS Startdrive V19
Siemens / SINAMICS Startdrive V19
|
vers:all/* |
None Available
|
|
|
SIRIUS Safety ES V17 (TIA Portal)
Siemens / SIRIUS Safety ES V17 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Safety ES V18 (TIA Portal)
Siemens / SIRIUS Safety ES V18 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Safety ES V19 (TIA Portal)
Siemens / SIRIUS Safety ES V19 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Soft Starter ES V17 (TIA Portal)
Siemens / SIRIUS Soft Starter ES V17 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Soft Starter ES V18 (TIA Portal)
Siemens / SIRIUS Soft Starter ES V18 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
SIRIUS Soft Starter ES V19 (TIA Portal)
Siemens / SIRIUS Soft Starter ES V19 (TIA Portal)
|
vers:all/* |
None Available
|
|
|
TIA Portal Cloud V17
Siemens / TIA Portal Cloud V17
|
vers:all/* |
None Available
|
|
|
TIA Portal Cloud V18
Siemens / TIA Portal Cloud V18
|
vers:all/* |
None Available
|
|
|
TIA Portal Cloud V19
Siemens / TIA Portal Cloud V19
|
vers:intdot/<5.2.1.1 |
Vendor Fix
|
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.\n\nSiemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter \"Additional Information\" below for more details.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
},
{
"category": "self",
"summary": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-392859.json"
}
],
"title": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20",
"tracking": {
"current_release_date": "2025-12-09T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-392859",
"initial_release_date": "2024-12-10T00:00:00Z",
"revision_history": [
{
"date": "2024-12-10T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19; Name of SIMOTION SCOUT TIA V5.6 SP1 was updated to SIMOTION SCOUT TIA V5.6 and Name of SIMOTION SCOUT TIA V5.5 SP1 was updated to SIMOTION SCOUT TIA V5.5 and Name of SIMOTION SCOUT TIA V5.4 SP3 was updated to SIMOTION SCOUT TIA V5.4"
},
{
"date": "2025-12-09T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V17"
}
],
"status": "interim",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-PLCSIM V17",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-PLCSIM V18",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V17 Update 9",
"product": {
"name": "SIMATIC STEP 7 Safety V17",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 Safety V18",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC STEP 7 Safety V19",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V17 Update 9",
"product": {
"name": "SIMATIC STEP 7 V17",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 V18",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC STEP 7 V19",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC Unified PC Runtime V18",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC WinCC Unified PC Runtime V19",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V17 Update 9",
"product": {
"name": "SIMATIC WinCC Unified V17",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC Unified V18",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC WinCC Unified V19",
"product_id": "13"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V17 Update 9",
"product": {
"name": "SIMATIC WinCC V17",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC V18",
"product_id": "15"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC WinCC V19",
"product_id": "16"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V17",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V18",
"product_id": "18"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V19",
"product_id": "19"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOTION SCOUT TIA V5.4",
"product_id": "20"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOTION SCOUT TIA V5.5",
"product_id": "21"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V5.6 SP1 HF7",
"product": {
"name": "SIMOTION SCOUT TIA V5.6",
"product_id": "22"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V17",
"product_id": "23"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V18",
"product_id": "24"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V19",
"product_id": "25"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V17 (TIA Portal)",
"product_id": "26"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V18 (TIA Portal)",
"product_id": "27"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V19 (TIA Portal)",
"product_id": "28"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"product_id": "29"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V18 (TIA Portal)",
"product_id": "30"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V19 (TIA Portal)",
"product_id": "31"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "TIA Portal Cloud V17",
"product_id": "32"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "TIA Portal Cloud V18",
"product_id": "33"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c5.2.1.1",
"product": {
"name": "TIA Portal Cloud V19",
"product_id": "34"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V19"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-52051",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"4",
"7",
"9",
"12",
"15",
"17",
"18",
"19",
"20",
"21",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33"
]
},
{
"category": "vendor_fix",
"details": "Update to V17 Update 9 or later version",
"product_ids": [
"3",
"6",
"11",
"14"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
},
{
"category": "vendor_fix",
"details": "Update to V19 Update 4 or later version",
"product_ids": [
"5",
"8",
"10",
"13",
"16"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
},
{
"category": "vendor_fix",
"details": "Update to V5.6 SP1 HF7 or later version",
"product_ids": [
"22"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109989067/"
},
{
"category": "vendor_fix",
"details": "TIA Portal Cloud V5.2.1.1 or later version updated TIA Portal to V19 Update 4 or later version",
"product_ids": [
"34"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34"
]
}
],
"title": "CVE-2024-52051"
}
]
}
WID-SEC-W-2024-3656
Vulnerability from csaf_certbund - Published: 2024-12-10 23:00 - Updated: 2024-12-10 23:00Summary
Siemens SIMATIC S7: Mehrere Schwachstellen ermöglichen Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die SIMATIC S7 ist eine Serie von SPS (Speicherprogrammierbare Steuerungen) für Automatisierungsanwendungen.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Siemens SIMATIC S7 ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Hardware Appliance
Es bestehen mehrere Schwachstellen in Siemens SIMATIC S7. Die betroffenen Produkte bereinigen benutzerkontrollierbare Eingaben beim Parsen von Protokolldateien und Benutzereinstellungen nicht ordnungsgemäß. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code innerhalb der betroffenen Anwendung oder beliebige Befehle im Host-Betriebssystem mit den Rechten des Benutzers auszuführen. Die Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt werden zu können.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siemens SIMATIC S7 V16
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:v16
|
V16 | |
|
Siemens SIMATIC S7 V18
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:v18
|
V18 | |
|
Siemens SIMATIC S7 V17
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:v17
|
V17 |
Es bestehen mehrere Schwachstellen in Siemens SIMATIC S7. Die betroffenen Produkte bereinigen benutzerkontrollierbare Eingaben beim Parsen von Protokolldateien und Benutzereinstellungen nicht ordnungsgemäß. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code innerhalb der betroffenen Anwendung oder beliebige Befehle im Host-Betriebssystem mit den Rechten des Benutzers auszuführen. Die Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt werden zu können.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siemens SIMATIC S7 V16
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:v16
|
V16 | |
|
Siemens SIMATIC S7 V18
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:v18
|
V18 | |
|
Siemens SIMATIC S7 V17
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:v17
|
V17 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die SIMATIC S7 ist eine Serie von SPS (Speicherprogrammierbare Steuerungen) f\u00fcr Automatisierungsanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Siemens SIMATIC S7 ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Hardware Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3656 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3656.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3656 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3656"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-392859 vom 2024-12-10",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-800126 vom 2024-12-10",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html"
}
],
"source_lang": "en-US",
"title": "Siemens SIMATIC S7: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-12-10T23:00:00.000+00:00",
"generator": {
"date": "2024-12-11T10:42:00.439+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-3656",
"initial_release_date": "2024-12-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-12-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "V16",
"product": {
"name": "Siemens SIMATIC S7 V16",
"product_id": "T039674",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:v16"
}
}
},
{
"category": "product_version",
"name": "V17",
"product": {
"name": "Siemens SIMATIC S7 V17",
"product_id": "T039675",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:v17"
}
}
},
{
"category": "product_version",
"name": "V18",
"product": {
"name": "Siemens SIMATIC S7 V18",
"product_id": "T039676",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:v18"
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-49849",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Siemens SIMATIC S7. Die betroffenen Produkte bereinigen benutzerkontrollierbare Eingaben beim Parsen von Protokolldateien und Benutzereinstellungen nicht ordnungsgem\u00e4\u00df. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code innerhalb der betroffenen Anwendung oder beliebige Befehle im Host-Betriebssystem mit den Rechten des Benutzers auszuf\u00fchren. Die Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt werden zu k\u00f6nnen."
}
],
"product_status": {
"known_affected": [
"T039674",
"T039676",
"T039675"
]
},
"release_date": "2024-12-10T23:00:00.000+00:00",
"title": "CVE-2024-49849"
},
{
"cve": "CVE-2024-52051",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Siemens SIMATIC S7. Die betroffenen Produkte bereinigen benutzerkontrollierbare Eingaben beim Parsen von Protokolldateien und Benutzereinstellungen nicht ordnungsgem\u00e4\u00df. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code innerhalb der betroffenen Anwendung oder beliebige Befehle im Host-Betriebssystem mit den Rechten des Benutzers auszuf\u00fchren. Die Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt werden zu k\u00f6nnen."
}
],
"product_status": {
"known_affected": [
"T039674",
"T039676",
"T039675"
]
},
"release_date": "2024-12-10T23:00:00.000+00:00",
"title": "CVE-2024-52051"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…