cvelistv5 - cve-2024-33698

CVE-2024-33698 (GCVE-0-2024-33698)

Vulnerability from cvelistv5 – Published: 2024-09-10 09:36 – Updated: 2025-10-14 09:15

Summary

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

Opcenter Quality

Affected: 0 , < V2406 (custom)

Siemens	Opcenter RDnL	Affected: 0 , < V2410 (custom)
Siemens	SIMATIC PCS neo V4.0	Affected: 0 , < * (custom)
Siemens	SIMATIC PCS neo V4.1	Affected: 0 , < V4.1 Update 2 (custom)
Siemens	SIMATIC PCS neo V5.0	Affected: 0 , < V5.0 Update 1 (custom)
Siemens	SINEC NMS	Affected: 0 , < * (custom)
Siemens	SINEMA Remote Connect Client	Affected: 0 , < V3.2 SP3 (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V16	Affected: 0 , < * (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V17	Affected: 0 , < V17 Update 8 (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V18	Affected: 0 , < V18 Update 5 (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V19	Affected: 0 , < V19 Update 3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_pcs_neo",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "4.1_update_2",
                "status": "affected",
                "version": "4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_information_server",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "totally_integrated_automation_portal",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "17_update_8",
                "status": "affected",
                "version": "17",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33698",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:32:07.999463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T18:26:36.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2406",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Opcenter RDnL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2410",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS neo V4.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS neo V4.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS neo V5.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.0 Update 1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINEC NMS",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINEMA Remote Connect Client",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.2 SP3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T09:15:00.448Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-33698",
    "datePublished": "2024-09-10T09:36:31.009Z",
    "dateReserved": "2024-04-26T12:32:09.263Z",
    "dateUpdated": "2025-10-14T09:15:00.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones \u0026lt; V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones \u0026lt; V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\\u00fafer basada en mont\\u00f3n en el componente UMC integrado. Esto podr\\u00eda permitir que un atacante remoto no autenticado ejecute c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2024-33698",
      "lastModified": "2025-01-14T11:15:15.373",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-09-10T10:15:09.707",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-039007.html\", \"source\": \"productcert@siemens.com\"}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-33698\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2024-09-10T10:15:09.707\",\"lastModified\":\"2025-10-14T10:15:34.373\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones \u0026lt; V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones \u0026lt; V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-039007.html\",\"source\":\"productcert@siemens.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33698\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:32:07.999463Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"simatic_pcs_neo\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.1_update_2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"simatic_information_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"totally_integrated_automation_portal\", \"versions\": [{\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17_update_8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T18:24:31.346Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Opcenter Quality\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2406\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Opcenter RDnL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2410\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V4.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V4.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1 Update 2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V5.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0 Update 1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEMA Remote Connect Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.2 SP3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V18 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-039007.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-10-14T09:15:00.448Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-33698\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T09:15:00.448Z\", \"dateReserved\": \"2024-04-26T12:32:09.263Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-09-10T09:36:31.009Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

NCSC-2024-0362

Vulnerability from csaf_ncscnl - Published: 2024-09-10 18:20 - Updated: 2024-09-10 18:20

Summary

Kwetsbaarheden verholpen in Siemens producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.

Interpretaties

De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Manipulatie van gegevens - Omzeilen van een beveiligingsmaatregel - Omzeilen van authenticatie - (Remote) code execution (Administrator/Root rechten) - (Remote) code execution (Gebruikersrechten) - Toegang tot systeemgegevens - Verhoogde gebruikersrechten De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.

Oplossingen

Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-115

Misinterpretation of Input

CWE-912

Hidden Functionality

CWE-364

Signal Handler Race Condition

CWE-772

Missing Release of Resource after Effective Lifetime

CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-297

Improper Validation of Certificate with Host Mismatch

CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-703

Improper Check or Handling of Exceptional Conditions

CWE-319

Cleartext Transmission of Sensitive Information

CWE-613

Insufficient Session Expiration

CWE-190

Integer Overflow or Wraparound

CWE-532

Insertion of Sensitive Information into Log File

CWE-204

Observable Response Discrepancy

CWE-639

Authorization Bypass Through User-Controlled Key

CWE-250

Execution with Unnecessary Privileges

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-404

Improper Resource Shutdown or Release

CWE-284

Improper Access Control

CWE-416

Use After Free

CWE-401

Missing Release of Memory after Effective Lifetime

CWE-476

NULL Pointer Dereference

CWE-295

Improper Certificate Validation

CWE-384

Session Fixation

CWE-122

Heap-based Buffer Overflow

CWE-121

Stack-based Buffer Overflow

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-20

Improper Input Validation

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Misinterpretation of Input",
        "title": "CWE-115"
      },
      {
        "category": "general",
        "text": "Hidden Functionality",
        "title": "CWE-912"
      },
      {
        "category": "general",
        "text": "Signal Handler Race Condition",
        "title": "CWE-364"
      },
      {
        "category": "general",
        "text": "Missing Release of Resource after Effective Lifetime",
        "title": "CWE-772"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Improper Validation of Certificate with Host Mismatch",
        "title": "CWE-297"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Improper Check or Handling of Exceptional Conditions",
        "title": "CWE-703"
      },
      {
        "category": "general",
        "text": "Cleartext Transmission of Sensitive Information",
        "title": "CWE-319"
      },
      {
        "category": "general",
        "text": "Insufficient Session Expiration",
        "title": "CWE-613"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Observable Response Discrepancy",
        "title": "CWE-204"
      },
      {
        "category": "general",
        "text": "Authorization Bypass Through User-Controlled Key",
        "title": "CWE-639"
      },
      {
        "category": "general",
        "text": "Execution with Unnecessary Privileges",
        "title": "CWE-250"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Missing Release of Memory after Effective Lifetime",
        "title": "CWE-401"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Session Fixation",
        "title": "CWE-384"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-039007.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097435.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097786.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-103653.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-342438.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359713.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-417159.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-423808.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-427715.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446545.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629254.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-673996.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-765405.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-773256.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-869574.pdf"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Siemens producten",
    "tracking": {
      "current_release_date": "2024-09-10T18:20:41.668720Z",
      "id": "NCSC-2024-0362",
      "initial_release_date": "2024-09-10T18:20:41.668720Z",
      "revision_history": [
        {
          "date": "2024-09-10T18:20:41.668720Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "ai_model_deployer",
            "product": {
              "name": "ai_model_deployer",
              "product_id": "CSAFPID-1637884",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:ai_model_deployer:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "automation_license_manager_v5",
            "product": {
              "name": "automation_license_manager_v5",
              "product_id": "CSAFPID-1637629",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "automation_license_manager_v5",
            "product": {
              "name": "automation_license_manager_v5",
              "product_id": "CSAFPID-1553852",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "automation_license_manager_v6.0",
            "product": {
              "name": "automation_license_manager_v6.0",
              "product_id": "CSAFPID-1637630",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "automation_license_manager_v6.0",
            "product": {
              "name": "automation_license_manager_v6.0",
              "product_id": "CSAFPID-1637609",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "automation_license_manager_v6.2",
            "product": {
              "name": "automation_license_manager_v6.2",
              "product_id": "CSAFPID-1637631",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "automation_license_manager_v6.2",
            "product": {
              "name": "automation_license_manager_v6.2",
              "product_id": "CSAFPID-1637610",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
            "product": {
              "name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
              "product_id": "CSAFPID-1637885",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "eti5_ethernet_int._1x100tx_iec61850",
            "product": {
              "name": "eti5_ethernet_int._1x100tx_iec61850",
              "product_id": "CSAFPID-1637840",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:eti5_ethernet_int._1x100tx_iec61850:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "industrial_edge_management_os__iem-os_",
            "product": {
              "name": "industrial_edge_management_os__iem-os_",
              "product_id": "CSAFPID-1637818",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "industrial_edge_management_pro",
            "product": {
              "name": "industrial_edge_management_pro",
              "product_id": "CSAFPID-1637809",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "industrial_edge_management_pro",
            "product": {
              "name": "industrial_edge_management_pro",
              "product_id": "CSAFPID-1637611",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "industrial_edge_management_virtual",
            "product": {
              "name": "industrial_edge_management_virtual",
              "product_id": "CSAFPID-1637810",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "industrial_edge_management_virtual",
            "product": {
              "name": "industrial_edge_management_virtual",
              "product_id": "CSAFPID-1637612",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
            "product": {
              "name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
              "product_id": "CSAFPID-1637886",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:livetwin_industrial_edge_app__6av2170-0bl00-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.12",
            "product": {
              "name": "mendix_runtime_v10.12",
              "product_id": "CSAFPID-1637623",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.12",
            "product": {
              "name": "mendix_runtime_v10.12",
              "product_id": "CSAFPID-1637566",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.6",
            "product": {
              "name": "mendix_runtime_v10.6",
              "product_id": "CSAFPID-1637624",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10.6",
            "product": {
              "name": "mendix_runtime_v10.6",
              "product_id": "CSAFPID-1637567",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10",
            "product": {
              "name": "mendix_runtime_v10",
              "product_id": "CSAFPID-1637622",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v10",
            "product": {
              "name": "mendix_runtime_v10",
              "product_id": "CSAFPID-1637565",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v8",
            "product": {
              "name": "mendix_runtime_v8",
              "product_id": "CSAFPID-1637625",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v8",
            "product": {
              "name": "mendix_runtime_v8",
              "product_id": "CSAFPID-1637568",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v9",
            "product": {
              "name": "mendix_runtime_v9",
              "product_id": "CSAFPID-1637626",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_runtime_v9",
            "product": {
              "name": "mendix_runtime_v9",
              "product_id": "CSAFPID-1637569",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sicam_scc",
            "product": {
              "name": "sicam_scc",
              "product_id": "CSAFPID-1637841",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sicam_scc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sicam_scc__10.0",
            "product": {
              "name": "sicam_scc__10.0",
              "product_id": "CSAFPID-1637471",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sicam_scc__10.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_batch_v9.1",
            "product": {
              "name": "simatic_batch_v9.1",
              "product_id": "CSAFPID-1625340",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_batch_v9.1",
            "product": {
              "name": "simatic_batch_v9.1",
              "product_id": "CSAFPID-1470063",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
              "product_id": "CSAFPID-1637811",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
              "product_id": "CSAFPID-1476332",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-1__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1243-1__incl._siplus_variants_",
              "product_id": "CSAFPID-1637649",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-1__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1243-1__incl._siplus_variants_",
              "product_id": "CSAFPID-1476333",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
              "product_id": "CSAFPID-1637650",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
              "product_id": "CSAFPID-1476082",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
              "product_id": "CSAFPID-1637651",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
            "product": {
              "name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
              "product_id": "CSAFPID-1476083",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-7_lte",
            "product": {
              "name": "simatic_cp_1243-7_lte",
              "product_id": "CSAFPID-1637812",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-7_lte",
            "product": {
              "name": "simatic_cp_1243-7_lte",
              "product_id": "CSAFPID-1476334",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-8_irc",
            "product": {
              "name": "simatic_cp_1243-8_irc",
              "product_id": "CSAFPID-1476086",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
            "product": {
              "name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
              "product_id": "CSAFPID-1637652",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
            "product": {
              "name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
              "product_id": "CSAFPID-1637813",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
            "product": {
              "name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
              "product_id": "CSAFPID-1637557",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:all_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_information_server_2020",
            "product": {
              "name": "simatic_information_server_2020",
              "product_id": "CSAFPID-1637837",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_information_server_2020",
            "product": {
              "name": "simatic_information_server_2020",
              "product_id": "CSAFPID-1637574",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_information_server_2022",
            "product": {
              "name": "simatic_information_server_2022",
              "product_id": "CSAFPID-1637613",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_information_server_2022",
            "product": {
              "name": "simatic_information_server_2022",
              "product_id": "CSAFPID-1637570",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_information_server_2024",
            "product": {
              "name": "simatic_information_server_2024",
              "product_id": "CSAFPID-1637614",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_information_server_2024",
            "product": {
              "name": "simatic_information_server_2024",
              "product_id": "CSAFPID-1637571",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_ipc_diagbase",
            "product": {
              "name": "simatic_ipc_diagbase",
              "product_id": "CSAFPID-1637619",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_ipc_diagbase",
            "product": {
              "name": "simatic_ipc_diagbase",
              "product_id": "CSAFPID-1497078",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_ipc_diagmonitor",
            "product": {
              "name": "simatic_ipc_diagmonitor",
              "product_id": "CSAFPID-744729",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_ipc_diagmonitor",
            "product": {
              "name": "simatic_ipc_diagmonitor",
              "product_id": "CSAFPID-1457904",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:all_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7_v9.1",
            "product": {
              "name": "simatic_pcs_7_v9.1",
              "product_id": "CSAFPID-1501190",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_7_v9.1",
            "product": {
              "name": "simatic_pcs_7_v9.1",
              "product_id": "CSAFPID-1457909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_neo_v4.0",
            "product": {
              "name": "simatic_pcs_neo_v4.0",
              "product_id": "CSAFPID-1637615",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_neo_v4.0",
            "product": {
              "name": "simatic_pcs_neo_v4.0",
              "product_id": "CSAFPID-1496915",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_neo_v4.1",
            "product": {
              "name": "simatic_pcs_neo_v4.1",
              "product_id": "CSAFPID-1637616",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_neo_v4.1",
            "product": {
              "name": "simatic_pcs_neo_v4.1",
              "product_id": "CSAFPID-1637572",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_neo_v5.0",
            "product": {
              "name": "simatic_pcs_neo_v5.0",
              "product_id": "CSAFPID-1637617",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_pcs_neo_v5.0",
            "product": {
              "name": "simatic_pcs_neo_v5.0",
              "product_id": "CSAFPID-1637573",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_process_historian_2020",
            "product": {
              "name": "simatic_process_historian_2020",
              "product_id": "CSAFPID-1637838",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_process_historian_2020",
            "product": {
              "name": "simatic_process_historian_2020",
              "product_id": "CSAFPID-1637575",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_process_historian_2022",
            "product": {
              "name": "simatic_process_historian_2022",
              "product_id": "CSAFPID-1637839",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_process_historian_2022",
            "product": {
              "name": "simatic_process_historian_2022",
              "product_id": "CSAFPID-1637576",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf610r_cmiit",
            "product": {
              "name": "simatic_reader_rf610r_cmiit",
              "product_id": "CSAFPID-1637577",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
            "product": {
              "name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
              "product_id": "CSAFPID-1637857",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf610r_etsi",
            "product": {
              "name": "simatic_reader_rf610r_etsi",
              "product_id": "CSAFPID-1637578",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
            "product": {
              "name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
              "product_id": "CSAFPID-1637858",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf610r_fcc",
            "product": {
              "name": "simatic_reader_rf610r_fcc",
              "product_id": "CSAFPID-1637579",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
            "product": {
              "name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
              "product_id": "CSAFPID-1637859",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf615r_cmiit",
            "product": {
              "name": "simatic_reader_rf615r_cmiit",
              "product_id": "CSAFPID-1637580",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
            "product": {
              "name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
              "product_id": "CSAFPID-1637860",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf615r_etsi",
            "product": {
              "name": "simatic_reader_rf615r_etsi",
              "product_id": "CSAFPID-1637581",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
            "product": {
              "name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
              "product_id": "CSAFPID-1637861",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf615r_fcc",
            "product": {
              "name": "simatic_reader_rf615r_fcc",
              "product_id": "CSAFPID-1637582",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
            "product": {
              "name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
              "product_id": "CSAFPID-1637862",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_arib",
            "product": {
              "name": "simatic_reader_rf650r_arib",
              "product_id": "CSAFPID-1637583",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
            "product": {
              "name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
              "product_id": "CSAFPID-1637863",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_cmiit",
            "product": {
              "name": "simatic_reader_rf650r_cmiit",
              "product_id": "CSAFPID-1637584",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
            "product": {
              "name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
              "product_id": "CSAFPID-1637864",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_etsi",
            "product": {
              "name": "simatic_reader_rf650r_etsi",
              "product_id": "CSAFPID-1637585",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
            "product": {
              "name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
              "product_id": "CSAFPID-1637865",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_fcc",
            "product": {
              "name": "simatic_reader_rf650r_fcc",
              "product_id": "CSAFPID-1637586",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
            "product": {
              "name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
              "product_id": "CSAFPID-1637866",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_arib",
            "product": {
              "name": "simatic_reader_rf680r_arib",
              "product_id": "CSAFPID-1637587",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
            "product": {
              "name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
              "product_id": "CSAFPID-1637867",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_cmiit",
            "product": {
              "name": "simatic_reader_rf680r_cmiit",
              "product_id": "CSAFPID-1637588",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
            "product": {
              "name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
              "product_id": "CSAFPID-1637868",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_etsi",
            "product": {
              "name": "simatic_reader_rf680r_etsi",
              "product_id": "CSAFPID-1637589",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
            "product": {
              "name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
              "product_id": "CSAFPID-1637869",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_fcc",
            "product": {
              "name": "simatic_reader_rf680r_fcc",
              "product_id": "CSAFPID-1637590",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
            "product": {
              "name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
              "product_id": "CSAFPID-1637870",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_arib",
            "product": {
              "name": "simatic_reader_rf685r_arib",
              "product_id": "CSAFPID-1637591",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
            "product": {
              "name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
              "product_id": "CSAFPID-1637871",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_cmiit",
            "product": {
              "name": "simatic_reader_rf685r_cmiit",
              "product_id": "CSAFPID-1637592",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
            "product": {
              "name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
              "product_id": "CSAFPID-1637872",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_etsi",
            "product": {
              "name": "simatic_reader_rf685r_etsi",
              "product_id": "CSAFPID-1637593",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
            "product": {
              "name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
              "product_id": "CSAFPID-1637873",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_fcc",
            "product": {
              "name": "simatic_reader_rf685r_fcc",
              "product_id": "CSAFPID-1637594",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
            "product": {
              "name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
              "product_id": "CSAFPID-1637874",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf1140r",
            "product": {
              "name": "simatic_rf1140r",
              "product_id": "CSAFPID-1637595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf1140r__6gt2831-6cb00_",
            "product": {
              "name": "simatic_rf1140r__6gt2831-6cb00_",
              "product_id": "CSAFPID-1637875",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf1170r",
            "product": {
              "name": "simatic_rf1170r",
              "product_id": "CSAFPID-1637596",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf1170r__6gt2831-6bb00_",
            "product": {
              "name": "simatic_rf1170r__6gt2831-6bb00_",
              "product_id": "CSAFPID-1637876",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf166c",
            "product": {
              "name": "simatic_rf166c",
              "product_id": "CSAFPID-1637597",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf166c__6gt2002-0ee20_",
            "product": {
              "name": "simatic_rf166c__6gt2002-0ee20_",
              "product_id": "CSAFPID-1637877",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf185c",
            "product": {
              "name": "simatic_rf185c",
              "product_id": "CSAFPID-1637598",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf185c__6gt2002-0je10_",
            "product": {
              "name": "simatic_rf185c__6gt2002-0je10_",
              "product_id": "CSAFPID-1637878",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf186c",
            "product": {
              "name": "simatic_rf186c",
              "product_id": "CSAFPID-1637599",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf186c__6gt2002-0je20_",
            "product": {
              "name": "simatic_rf186c__6gt2002-0je20_",
              "product_id": "CSAFPID-1637879",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf186ci",
            "product": {
              "name": "simatic_rf186ci",
              "product_id": "CSAFPID-1637600",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf186ci__6gt2002-0je50_",
            "product": {
              "name": "simatic_rf186ci__6gt2002-0je50_",
              "product_id": "CSAFPID-1637880",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf188c",
            "product": {
              "name": "simatic_rf188c",
              "product_id": "CSAFPID-1637601",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf188c__6gt2002-0je40_",
            "product": {
              "name": "simatic_rf188c__6gt2002-0je40_",
              "product_id": "CSAFPID-1637881",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf188ci",
            "product": {
              "name": "simatic_rf188ci",
              "product_id": "CSAFPID-1637602",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf188ci__6gt2002-0je60_",
            "product": {
              "name": "simatic_rf188ci__6gt2002-0je60_",
              "product_id": "CSAFPID-1637882",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf360r",
            "product": {
              "name": "simatic_rf360r",
              "product_id": "CSAFPID-1637603",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_rf360r__6gt2801-5ba30_",
            "product": {
              "name": "simatic_rf360r__6gt2801-5ba30_",
              "product_id": "CSAFPID-1637883",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
              "product_id": "CSAFPID-1615260",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
              "product_id": "CSAFPID-1615261",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
              "product_id": "CSAFPID-1615262",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
            "product": {
              "name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
              "product_id": "CSAFPID-1615263",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-165973",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-186768",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-855579",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1637479",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_advanced:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1637482",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1637483",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1637480",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v19:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc",
            "product": {
              "name": "simatic_wincc",
              "product_id": "CSAFPID-1637481",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v20:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-766087",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_advanced",
            "product": {
              "name": "simatic_wincc_runtime_advanced",
              "product_id": "CSAFPID-1637558",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:all_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v17",
            "product": {
              "name": "simatic_wincc_runtime_professional_v17",
              "product_id": "CSAFPID-1637887",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v18",
            "product": {
              "name": "simatic_wincc_runtime_professional_v18",
              "product_id": "CSAFPID-1501188",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v18",
            "product": {
              "name": "simatic_wincc_runtime_professional_v18",
              "product_id": "CSAFPID-1457962",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v19",
            "product": {
              "name": "simatic_wincc_runtime_professional_v19",
              "product_id": "CSAFPID-1501192",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v19",
            "product": {
              "name": "simatic_wincc_runtime_professional_v19",
              "product_id": "CSAFPID-1457963",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_runtime_professional_v20",
            "product": {
              "name": "simatic_wincc_runtime_professional_v20",
              "product_id": "CSAFPID-1637888",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v20:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.4",
            "product": {
              "name": "simatic_wincc_v7.4",
              "product_id": "CSAFPID-1501193",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.4",
            "product": {
              "name": "simatic_wincc_v7.4",
              "product_id": "CSAFPID-1457965",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.5",
            "product": {
              "name": "simatic_wincc_v7.5",
              "product_id": "CSAFPID-1501191",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v7.5",
            "product": {
              "name": "simatic_wincc_v7.5",
              "product_id": "CSAFPID-1457966",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v8.0",
            "product": {
              "name": "simatic_wincc_v8.0",
              "product_id": "CSAFPID-1501189",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_wincc_v8.0",
            "product": {
              "name": "simatic_wincc_v8.0",
              "product_id": "CSAFPID-1457967",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-309392",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinec_nms",
            "product": {
              "name": "sinec_nms",
              "product_id": "CSAFPID-1458012",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinec_nms:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinema_remote_connect_client",
            "product": {
              "name": "sinema_remote_connect_client",
              "product_id": "CSAFPID-894438",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinema_remote_connect_client",
            "product": {
              "name": "sinema_remote_connect_client",
              "product_id": "CSAFPID-1494867",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinema_remote_connect_server",
            "product": {
              "name": "sinema_remote_connect_server",
              "product_id": "CSAFPID-218852",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinema_remote_connect_server",
            "product": {
              "name": "sinema_remote_connect_server",
              "product_id": "CSAFPID-1496914",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_828d_v4",
            "product": {
              "name": "sinumerik_828d_v4",
              "product_id": "CSAFPID-1637627",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_828d_v4",
            "product": {
              "name": "sinumerik_828d_v4",
              "product_id": "CSAFPID-1637606",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_828d_v5",
            "product": {
              "name": "sinumerik_828d_v5",
              "product_id": "CSAFPID-1637762",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_828d_v5",
            "product": {
              "name": "sinumerik_828d_v5",
              "product_id": "CSAFPID-1637607",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_840d_sl_v4",
            "product": {
              "name": "sinumerik_840d_sl_v4",
              "product_id": "CSAFPID-1637628",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_840d_sl_v4",
            "product": {
              "name": "sinumerik_840d_sl_v4",
              "product_id": "CSAFPID-1637608",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_one",
            "product": {
              "name": "sinumerik_one",
              "product_id": "CSAFPID-455030",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_one:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sinumerik_one",
            "product": {
              "name": "sinumerik_one",
              "product_id": "CSAFPID-1457969",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sinumerik_one:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
            "product": {
              "name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
              "product_id": "CSAFPID-1615264",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_tim_1531_irc",
            "product": {
              "name": "siplus_tim_1531_irc",
              "product_id": "CSAFPID-1476100",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
            "product": {
              "name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
              "product_id": "CSAFPID-1637814",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc__6ag1543-1mx00-7xe0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sitipe_at",
            "product": {
              "name": "sitipe_at",
              "product_id": "CSAFPID-1637842",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tecnomatix_plant_simulation_v2302",
            "product": {
              "name": "tecnomatix_plant_simulation_v2302",
              "product_id": "CSAFPID-1637816",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tecnomatix_plant_simulation_v2302",
            "product": {
              "name": "tecnomatix_plant_simulation_v2302",
              "product_id": "CSAFPID-1465025",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tecnomatix_plant_simulation_v2404",
            "product": {
              "name": "tecnomatix_plant_simulation_v2404",
              "product_id": "CSAFPID-1637817",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tecnomatix_plant_simulation_v2404",
            "product": {
              "name": "tecnomatix_plant_simulation_v2404",
              "product_id": "CSAFPID-1476361",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_administrator",
            "product": {
              "name": "tia_administrator",
              "product_id": "CSAFPID-766096",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal",
            "product": {
              "name": "tia_portal",
              "product_id": "CSAFPID-1637472",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal:v16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal__v17_update_8",
            "product": {
              "name": "tia_portal__v17_update_8",
              "product_id": "CSAFPID-1637474",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal__v17_update_8:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tia_portal_umc__v2.13.1",
            "product": {
              "name": "tia_portal_umc__v2.13.1",
              "product_id": "CSAFPID-1637473",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tia_portal_umc__v2.13.1:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tim_1531_irc",
            "product": {
              "name": "tim_1531_irc",
              "product_id": "CSAFPID-1476101",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tim_1531_irc:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
            "product": {
              "name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
              "product_id": "CSAFPID-1637815",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:tim_1531_irc__6gk7543-1mx00-0xe0_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v16",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v16",
              "product_id": "CSAFPID-1615256",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v16",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v16",
              "product_id": "CSAFPID-1458015",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v17",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v17",
              "product_id": "CSAFPID-1615257",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v17",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v17",
              "product_id": "CSAFPID-1458016",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v18",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v18",
              "product_id": "CSAFPID-1615258",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v18",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v18",
              "product_id": "CSAFPID-1458017",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v19",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v19",
              "product_id": "CSAFPID-1637618",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "totally_integrated_automation_portal__tia_portal__v19",
            "product": {
              "name": "totally_integrated_automation_portal__tia_portal__v19",
              "product_id": "CSAFPID-1470073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sicam",
            "product": {
              "name": "sicam",
              "product_id": "CSAFPID-1637469",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:siemens:sicam:8_software_solution:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sicam",
            "product": {
              "name": "sicam",
              "product_id": "CSAFPID-1637470",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:siemens:sicam:a8000_device:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sicam",
            "product": {
              "name": "sicam",
              "product_id": "CSAFPID-1637468",
              "product_identification_helper": {
                "cpe": "cpe:2.3:h:siemens:sicam:egs_device:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-5051",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2006-5051",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2006/CVE-2006-5051.json"
        }
      ],
      "title": "CVE-2006-5051"
    },
    {
      "cve": "CVE-2023-28827",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637479",
          "CSAFPID-1476332",
          "CSAFPID-1476333",
          "CSAFPID-1476082",
          "CSAFPID-1476083",
          "CSAFPID-1476334",
          "CSAFPID-1476086",
          "CSAFPID-1637557",
          "CSAFPID-1497078",
          "CSAFPID-1457904",
          "CSAFPID-1637558",
          "CSAFPID-1476100",
          "CSAFPID-1476101",
          "CSAFPID-1637811",
          "CSAFPID-1637649",
          "CSAFPID-1637650",
          "CSAFPID-1637651",
          "CSAFPID-1637812",
          "CSAFPID-1637652",
          "CSAFPID-1637813",
          "CSAFPID-1637619",
          "CSAFPID-744729",
          "CSAFPID-766087",
          "CSAFPID-1637814",
          "CSAFPID-1637815"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-28827",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28827.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637479",
            "CSAFPID-1476332",
            "CSAFPID-1476333",
            "CSAFPID-1476082",
            "CSAFPID-1476083",
            "CSAFPID-1476334",
            "CSAFPID-1476086",
            "CSAFPID-1637557",
            "CSAFPID-1497078",
            "CSAFPID-1457904",
            "CSAFPID-1637558",
            "CSAFPID-1476100",
            "CSAFPID-1476101",
            "CSAFPID-1637811",
            "CSAFPID-1637649",
            "CSAFPID-1637650",
            "CSAFPID-1637651",
            "CSAFPID-1637812",
            "CSAFPID-1637652",
            "CSAFPID-1637813",
            "CSAFPID-1637619",
            "CSAFPID-744729",
            "CSAFPID-766087",
            "CSAFPID-1637814",
            "CSAFPID-1637815"
          ]
        }
      ],
      "title": "CVE-2023-28827"
    },
    {
      "cve": "CVE-2023-30755",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637479",
          "CSAFPID-1476332",
          "CSAFPID-1476333",
          "CSAFPID-1476082",
          "CSAFPID-1476083",
          "CSAFPID-1476334",
          "CSAFPID-1476086",
          "CSAFPID-1637557",
          "CSAFPID-1497078",
          "CSAFPID-1457904",
          "CSAFPID-1637558",
          "CSAFPID-1476100",
          "CSAFPID-1476101",
          "CSAFPID-1637811",
          "CSAFPID-1637649",
          "CSAFPID-1637650",
          "CSAFPID-1637651",
          "CSAFPID-1637812",
          "CSAFPID-1637652",
          "CSAFPID-1637813",
          "CSAFPID-1637619",
          "CSAFPID-744729",
          "CSAFPID-766087",
          "CSAFPID-1637814",
          "CSAFPID-1637815"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-30755",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30755.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637479",
            "CSAFPID-1476332",
            "CSAFPID-1476333",
            "CSAFPID-1476082",
            "CSAFPID-1476083",
            "CSAFPID-1476334",
            "CSAFPID-1476086",
            "CSAFPID-1637557",
            "CSAFPID-1497078",
            "CSAFPID-1457904",
            "CSAFPID-1637558",
            "CSAFPID-1476100",
            "CSAFPID-1476101",
            "CSAFPID-1637811",
            "CSAFPID-1637649",
            "CSAFPID-1637650",
            "CSAFPID-1637651",
            "CSAFPID-1637812",
            "CSAFPID-1637652",
            "CSAFPID-1637813",
            "CSAFPID-1637619",
            "CSAFPID-744729",
            "CSAFPID-766087",
            "CSAFPID-1637814",
            "CSAFPID-1637815"
          ]
        }
      ],
      "title": "CVE-2023-30755"
    },
    {
      "cve": "CVE-2023-30756",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637479",
          "CSAFPID-1476332",
          "CSAFPID-1476333",
          "CSAFPID-1476082",
          "CSAFPID-1476083",
          "CSAFPID-1476334",
          "CSAFPID-1476086",
          "CSAFPID-1637557",
          "CSAFPID-1497078",
          "CSAFPID-1457904",
          "CSAFPID-1637558",
          "CSAFPID-1476100",
          "CSAFPID-1476101",
          "CSAFPID-1637811",
          "CSAFPID-1637649",
          "CSAFPID-1637650",
          "CSAFPID-1637651",
          "CSAFPID-1637812",
          "CSAFPID-1637652",
          "CSAFPID-1637813",
          "CSAFPID-1637619",
          "CSAFPID-744729",
          "CSAFPID-766087",
          "CSAFPID-1637814",
          "CSAFPID-1637815"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-30756",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30756.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637479",
            "CSAFPID-1476332",
            "CSAFPID-1476333",
            "CSAFPID-1476082",
            "CSAFPID-1476083",
            "CSAFPID-1476334",
            "CSAFPID-1476086",
            "CSAFPID-1637557",
            "CSAFPID-1497078",
            "CSAFPID-1457904",
            "CSAFPID-1637558",
            "CSAFPID-1476100",
            "CSAFPID-1476101",
            "CSAFPID-1637811",
            "CSAFPID-1637649",
            "CSAFPID-1637650",
            "CSAFPID-1637651",
            "CSAFPID-1637812",
            "CSAFPID-1637652",
            "CSAFPID-1637813",
            "CSAFPID-1637619",
            "CSAFPID-744729",
            "CSAFPID-766087",
            "CSAFPID-1637814",
            "CSAFPID-1637815"
          ]
        }
      ],
      "title": "CVE-2023-30756"
    },
    {
      "cve": "CVE-2023-46850",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46850",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46850.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2023-46850"
    },
    {
      "cve": "CVE-2023-49069",
      "cwe": {
        "id": "CWE-204",
        "name": "Observable Response Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Response Discrepancy",
          "title": "CWE-204"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637565",
          "CSAFPID-1637566",
          "CSAFPID-1637567",
          "CSAFPID-1637568",
          "CSAFPID-1637569",
          "CSAFPID-1637622",
          "CSAFPID-1637623",
          "CSAFPID-1637624",
          "CSAFPID-1637625",
          "CSAFPID-1637626"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-49069",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49069.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637565",
            "CSAFPID-1637566",
            "CSAFPID-1637567",
            "CSAFPID-1637568",
            "CSAFPID-1637569",
            "CSAFPID-1637622",
            "CSAFPID-1637623",
            "CSAFPID-1637624",
            "CSAFPID-1637625",
            "CSAFPID-1637626"
          ]
        }
      ],
      "title": "CVE-2023-49069"
    },
    {
      "cve": "CVE-2024-2004",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Cleartext Transmission of Sensitive Information",
          "title": "CWE-319"
        },
        {
          "category": "other",
          "text": "Misinterpretation of Input",
          "title": "CWE-115"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2004",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2004"
    },
    {
      "cve": "CVE-2024-2379",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2379",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2379.json"
        }
      ],
      "title": "CVE-2024-2379"
    },
    {
      "cve": "CVE-2024-2398",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Resource after Effective Lifetime",
          "title": "CWE-772"
        },
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2398",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2398"
    },
    {
      "cve": "CVE-2024-2466",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "Improper Validation of Certificate with Host Mismatch",
          "title": "CWE-297"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615260",
          "CSAFPID-1615261",
          "CSAFPID-1615262",
          "CSAFPID-1615263",
          "CSAFPID-1615264",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2466",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615260",
            "CSAFPID-1615261",
            "CSAFPID-1615262",
            "CSAFPID-1615263",
            "CSAFPID-1615264",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-2466"
    },
    {
      "cve": "CVE-2024-6387",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Signal Handler Race Condition",
          "title": "CWE-364"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637818",
          "CSAFPID-218852",
          "CSAFPID-455030"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6387",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
        }
      ],
      "title": "CVE-2024-6387"
    },
    {
      "cve": "CVE-2024-32006",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Session Expiration",
          "title": "CWE-613"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1494867",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-32006",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32006.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1494867",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-32006"
    },
    {
      "cve": "CVE-2024-33698",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637472",
          "CSAFPID-1637473",
          "CSAFPID-1637474",
          "CSAFPID-1637570",
          "CSAFPID-1637571",
          "CSAFPID-1496915",
          "CSAFPID-1637572",
          "CSAFPID-1637573",
          "CSAFPID-1458012",
          "CSAFPID-1458015",
          "CSAFPID-1458016",
          "CSAFPID-1458017",
          "CSAFPID-1470073",
          "CSAFPID-1637613",
          "CSAFPID-1637614",
          "CSAFPID-1637615",
          "CSAFPID-1637616",
          "CSAFPID-1637617",
          "CSAFPID-309392",
          "CSAFPID-1615256",
          "CSAFPID-1615257",
          "CSAFPID-1615258",
          "CSAFPID-1637618"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33698",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33698.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637472",
            "CSAFPID-1637473",
            "CSAFPID-1637474",
            "CSAFPID-1637570",
            "CSAFPID-1637571",
            "CSAFPID-1496915",
            "CSAFPID-1637572",
            "CSAFPID-1637573",
            "CSAFPID-1458012",
            "CSAFPID-1458015",
            "CSAFPID-1458016",
            "CSAFPID-1458017",
            "CSAFPID-1470073",
            "CSAFPID-1637613",
            "CSAFPID-1637614",
            "CSAFPID-1637615",
            "CSAFPID-1637616",
            "CSAFPID-1637617",
            "CSAFPID-309392",
            "CSAFPID-1615256",
            "CSAFPID-1615257",
            "CSAFPID-1615258",
            "CSAFPID-1637618"
          ]
        }
      ],
      "title": "CVE-2024-33698"
    },
    {
      "cve": "CVE-2024-34057",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637468",
          "CSAFPID-1637469",
          "CSAFPID-1637470",
          "CSAFPID-1637471",
          "CSAFPID-1637840",
          "CSAFPID-1637841",
          "CSAFPID-1637842"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34057",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637468",
            "CSAFPID-1637469",
            "CSAFPID-1637470",
            "CSAFPID-1637471",
            "CSAFPID-1637840",
            "CSAFPID-1637841",
            "CSAFPID-1637842"
          ]
        }
      ],
      "title": "CVE-2024-34057"
    },
    {
      "cve": "CVE-2024-35783",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "notes": [
        {
          "category": "other",
          "text": "Execution with Unnecessary Privileges",
          "title": "CWE-250"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1470063",
          "CSAFPID-1637574",
          "CSAFPID-1637570",
          "CSAFPID-1457909",
          "CSAFPID-1637575",
          "CSAFPID-1637576",
          "CSAFPID-1457962",
          "CSAFPID-1457963",
          "CSAFPID-1457965",
          "CSAFPID-1457966",
          "CSAFPID-1457967",
          "CSAFPID-1625340",
          "CSAFPID-1637837",
          "CSAFPID-1637613",
          "CSAFPID-1501190",
          "CSAFPID-1637838",
          "CSAFPID-1637839",
          "CSAFPID-1501188",
          "CSAFPID-1501192",
          "CSAFPID-1501193",
          "CSAFPID-1501191",
          "CSAFPID-1501189"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35783",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35783.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1470063",
            "CSAFPID-1637574",
            "CSAFPID-1637570",
            "CSAFPID-1457909",
            "CSAFPID-1637575",
            "CSAFPID-1637576",
            "CSAFPID-1457962",
            "CSAFPID-1457963",
            "CSAFPID-1457965",
            "CSAFPID-1457966",
            "CSAFPID-1457967",
            "CSAFPID-1625340",
            "CSAFPID-1637837",
            "CSAFPID-1637613",
            "CSAFPID-1501190",
            "CSAFPID-1637838",
            "CSAFPID-1637839",
            "CSAFPID-1501188",
            "CSAFPID-1501192",
            "CSAFPID-1501193",
            "CSAFPID-1501191",
            "CSAFPID-1501189"
          ]
        }
      ],
      "title": "CVE-2024-35783"
    },
    {
      "cve": "CVE-2024-37990",
      "cwe": {
        "id": "CWE-912",
        "name": "Hidden Functionality"
      },
      "notes": [
        {
          "category": "other",
          "text": "Hidden Functionality",
          "title": "CWE-912"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637577",
          "CSAFPID-1637578",
          "CSAFPID-1637579",
          "CSAFPID-1637580",
          "CSAFPID-1637581",
          "CSAFPID-1637582",
          "CSAFPID-1637583",
          "CSAFPID-1637584",
          "CSAFPID-1637585",
          "CSAFPID-1637586",
          "CSAFPID-1637587",
          "CSAFPID-1637588",
          "CSAFPID-1637589",
          "CSAFPID-1637590",
          "CSAFPID-1637591",
          "CSAFPID-1637592",
          "CSAFPID-1637593",
          "CSAFPID-1637594",
          "CSAFPID-1637595",
          "CSAFPID-1637596",
          "CSAFPID-1637597",
          "CSAFPID-1637598",
          "CSAFPID-1637599",
          "CSAFPID-1637600",
          "CSAFPID-1637601",
          "CSAFPID-1637602",
          "CSAFPID-1637603",
          "CSAFPID-1637857",
          "CSAFPID-1637858",
          "CSAFPID-1637859",
          "CSAFPID-1637860",
          "CSAFPID-1637861",
          "CSAFPID-1637862",
          "CSAFPID-1637863",
          "CSAFPID-1637864",
          "CSAFPID-1637865",
          "CSAFPID-1637866",
          "CSAFPID-1637867",
          "CSAFPID-1637868",
          "CSAFPID-1637869",
          "CSAFPID-1637870",
          "CSAFPID-1637871",
          "CSAFPID-1637872",
          "CSAFPID-1637873",
          "CSAFPID-1637874",
          "CSAFPID-1637875",
          "CSAFPID-1637876",
          "CSAFPID-1637877",
          "CSAFPID-1637878",
          "CSAFPID-1637879",
          "CSAFPID-1637880",
          "CSAFPID-1637881",
          "CSAFPID-1637882",
          "CSAFPID-1637883"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37990",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37990.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637577",
            "CSAFPID-1637578",
            "CSAFPID-1637579",
            "CSAFPID-1637580",
            "CSAFPID-1637581",
            "CSAFPID-1637582",
            "CSAFPID-1637583",
            "CSAFPID-1637584",
            "CSAFPID-1637585",
            "CSAFPID-1637586",
            "CSAFPID-1637587",
            "CSAFPID-1637588",
            "CSAFPID-1637589",
            "CSAFPID-1637590",
            "CSAFPID-1637591",
            "CSAFPID-1637592",
            "CSAFPID-1637593",
            "CSAFPID-1637594",
            "CSAFPID-1637595",
            "CSAFPID-1637596",
            "CSAFPID-1637597",
            "CSAFPID-1637598",
            "CSAFPID-1637599",
            "CSAFPID-1637600",
            "CSAFPID-1637601",
            "CSAFPID-1637602",
            "CSAFPID-1637603",
            "CSAFPID-1637857",
            "CSAFPID-1637858",
            "CSAFPID-1637859",
            "CSAFPID-1637860",
            "CSAFPID-1637861",
            "CSAFPID-1637862",
            "CSAFPID-1637863",
            "CSAFPID-1637864",
            "CSAFPID-1637865",
            "CSAFPID-1637866",
            "CSAFPID-1637867",
            "CSAFPID-1637868",
            "CSAFPID-1637869",
            "CSAFPID-1637870",
            "CSAFPID-1637871",
            "CSAFPID-1637872",
            "CSAFPID-1637873",
            "CSAFPID-1637874",
            "CSAFPID-1637875",
            "CSAFPID-1637876",
            "CSAFPID-1637877",
            "CSAFPID-1637878",
            "CSAFPID-1637879",
            "CSAFPID-1637880",
            "CSAFPID-1637881",
            "CSAFPID-1637882",
            "CSAFPID-1637883"
          ]
        }
      ],
      "title": "CVE-2024-37990"
    },
    {
      "cve": "CVE-2024-37992",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637577",
          "CSAFPID-1637578",
          "CSAFPID-1637579",
          "CSAFPID-1637580",
          "CSAFPID-1637581",
          "CSAFPID-1637582",
          "CSAFPID-1637583",
          "CSAFPID-1637584",
          "CSAFPID-1637585",
          "CSAFPID-1637586",
          "CSAFPID-1637587",
          "CSAFPID-1637588",
          "CSAFPID-1637589",
          "CSAFPID-1637590",
          "CSAFPID-1637591",
          "CSAFPID-1637592",
          "CSAFPID-1637593",
          "CSAFPID-1637594",
          "CSAFPID-1637595",
          "CSAFPID-1637596",
          "CSAFPID-1637597",
          "CSAFPID-1637598",
          "CSAFPID-1637599",
          "CSAFPID-1637600",
          "CSAFPID-1637601",
          "CSAFPID-1637602",
          "CSAFPID-1637603",
          "CSAFPID-1637857",
          "CSAFPID-1637858",
          "CSAFPID-1637859",
          "CSAFPID-1637860",
          "CSAFPID-1637861",
          "CSAFPID-1637862",
          "CSAFPID-1637863",
          "CSAFPID-1637864",
          "CSAFPID-1637865",
          "CSAFPID-1637866",
          "CSAFPID-1637867",
          "CSAFPID-1637868",
          "CSAFPID-1637869",
          "CSAFPID-1637870",
          "CSAFPID-1637871",
          "CSAFPID-1637872",
          "CSAFPID-1637873",
          "CSAFPID-1637874",
          "CSAFPID-1637875",
          "CSAFPID-1637876",
          "CSAFPID-1637877",
          "CSAFPID-1637878",
          "CSAFPID-1637879",
          "CSAFPID-1637880",
          "CSAFPID-1637881",
          "CSAFPID-1637882",
          "CSAFPID-1637883"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37992",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37992.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637577",
            "CSAFPID-1637578",
            "CSAFPID-1637579",
            "CSAFPID-1637580",
            "CSAFPID-1637581",
            "CSAFPID-1637582",
            "CSAFPID-1637583",
            "CSAFPID-1637584",
            "CSAFPID-1637585",
            "CSAFPID-1637586",
            "CSAFPID-1637587",
            "CSAFPID-1637588",
            "CSAFPID-1637589",
            "CSAFPID-1637590",
            "CSAFPID-1637591",
            "CSAFPID-1637592",
            "CSAFPID-1637593",
            "CSAFPID-1637594",
            "CSAFPID-1637595",
            "CSAFPID-1637596",
            "CSAFPID-1637597",
            "CSAFPID-1637598",
            "CSAFPID-1637599",
            "CSAFPID-1637600",
            "CSAFPID-1637601",
            "CSAFPID-1637602",
            "CSAFPID-1637603",
            "CSAFPID-1637857",
            "CSAFPID-1637858",
            "CSAFPID-1637859",
            "CSAFPID-1637860",
            "CSAFPID-1637861",
            "CSAFPID-1637862",
            "CSAFPID-1637863",
            "CSAFPID-1637864",
            "CSAFPID-1637865",
            "CSAFPID-1637866",
            "CSAFPID-1637867",
            "CSAFPID-1637868",
            "CSAFPID-1637869",
            "CSAFPID-1637870",
            "CSAFPID-1637871",
            "CSAFPID-1637872",
            "CSAFPID-1637873",
            "CSAFPID-1637874",
            "CSAFPID-1637875",
            "CSAFPID-1637876",
            "CSAFPID-1637877",
            "CSAFPID-1637878",
            "CSAFPID-1637879",
            "CSAFPID-1637880",
            "CSAFPID-1637881",
            "CSAFPID-1637882",
            "CSAFPID-1637883"
          ]
        }
      ],
      "title": "CVE-2024-37992"
    },
    {
      "cve": "CVE-2024-37993",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637577",
          "CSAFPID-1637578",
          "CSAFPID-1637579",
          "CSAFPID-1637580",
          "CSAFPID-1637581",
          "CSAFPID-1637582",
          "CSAFPID-1637583",
          "CSAFPID-1637584",
          "CSAFPID-1637585",
          "CSAFPID-1637586",
          "CSAFPID-1637587",
          "CSAFPID-1637588",
          "CSAFPID-1637589",
          "CSAFPID-1637590",
          "CSAFPID-1637591",
          "CSAFPID-1637592",
          "CSAFPID-1637593",
          "CSAFPID-1637594",
          "CSAFPID-1637595",
          "CSAFPID-1637596",
          "CSAFPID-1637597",
          "CSAFPID-1637598",
          "CSAFPID-1637599",
          "CSAFPID-1637600",
          "CSAFPID-1637601",
          "CSAFPID-1637602",
          "CSAFPID-1637603",
          "CSAFPID-1637857",
          "CSAFPID-1637858",
          "CSAFPID-1637859",
          "CSAFPID-1637860",
          "CSAFPID-1637861",
          "CSAFPID-1637862",
          "CSAFPID-1637863",
          "CSAFPID-1637864",
          "CSAFPID-1637865",
          "CSAFPID-1637866",
          "CSAFPID-1637867",
          "CSAFPID-1637868",
          "CSAFPID-1637869",
          "CSAFPID-1637870",
          "CSAFPID-1637871",
          "CSAFPID-1637872",
          "CSAFPID-1637873",
          "CSAFPID-1637874",
          "CSAFPID-1637875",
          "CSAFPID-1637876",
          "CSAFPID-1637877",
          "CSAFPID-1637878",
          "CSAFPID-1637879",
          "CSAFPID-1637880",
          "CSAFPID-1637881",
          "CSAFPID-1637882",
          "CSAFPID-1637883"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37993",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37993.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637577",
            "CSAFPID-1637578",
            "CSAFPID-1637579",
            "CSAFPID-1637580",
            "CSAFPID-1637581",
            "CSAFPID-1637582",
            "CSAFPID-1637583",
            "CSAFPID-1637584",
            "CSAFPID-1637585",
            "CSAFPID-1637586",
            "CSAFPID-1637587",
            "CSAFPID-1637588",
            "CSAFPID-1637589",
            "CSAFPID-1637590",
            "CSAFPID-1637591",
            "CSAFPID-1637592",
            "CSAFPID-1637593",
            "CSAFPID-1637594",
            "CSAFPID-1637595",
            "CSAFPID-1637596",
            "CSAFPID-1637597",
            "CSAFPID-1637598",
            "CSAFPID-1637599",
            "CSAFPID-1637600",
            "CSAFPID-1637601",
            "CSAFPID-1637602",
            "CSAFPID-1637603",
            "CSAFPID-1637857",
            "CSAFPID-1637858",
            "CSAFPID-1637859",
            "CSAFPID-1637860",
            "CSAFPID-1637861",
            "CSAFPID-1637862",
            "CSAFPID-1637863",
            "CSAFPID-1637864",
            "CSAFPID-1637865",
            "CSAFPID-1637866",
            "CSAFPID-1637867",
            "CSAFPID-1637868",
            "CSAFPID-1637869",
            "CSAFPID-1637870",
            "CSAFPID-1637871",
            "CSAFPID-1637872",
            "CSAFPID-1637873",
            "CSAFPID-1637874",
            "CSAFPID-1637875",
            "CSAFPID-1637876",
            "CSAFPID-1637877",
            "CSAFPID-1637878",
            "CSAFPID-1637879",
            "CSAFPID-1637880",
            "CSAFPID-1637881",
            "CSAFPID-1637882",
            "CSAFPID-1637883"
          ]
        }
      ],
      "title": "CVE-2024-37993"
    },
    {
      "cve": "CVE-2024-37994",
      "cwe": {
        "id": "CWE-912",
        "name": "Hidden Functionality"
      },
      "notes": [
        {
          "category": "other",
          "text": "Hidden Functionality",
          "title": "CWE-912"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637577",
          "CSAFPID-1637578",
          "CSAFPID-1637579",
          "CSAFPID-1637580",
          "CSAFPID-1637581",
          "CSAFPID-1637582",
          "CSAFPID-1637583",
          "CSAFPID-1637584",
          "CSAFPID-1637585",
          "CSAFPID-1637586",
          "CSAFPID-1637587",
          "CSAFPID-1637588",
          "CSAFPID-1637589",
          "CSAFPID-1637590",
          "CSAFPID-1637591",
          "CSAFPID-1637592",
          "CSAFPID-1637593",
          "CSAFPID-1637594",
          "CSAFPID-1637595",
          "CSAFPID-1637596",
          "CSAFPID-1637597",
          "CSAFPID-1637598",
          "CSAFPID-1637599",
          "CSAFPID-1637600",
          "CSAFPID-1637601",
          "CSAFPID-1637602",
          "CSAFPID-1637603",
          "CSAFPID-1637857",
          "CSAFPID-1637858",
          "CSAFPID-1637859",
          "CSAFPID-1637860",
          "CSAFPID-1637861",
          "CSAFPID-1637862",
          "CSAFPID-1637863",
          "CSAFPID-1637864",
          "CSAFPID-1637865",
          "CSAFPID-1637866",
          "CSAFPID-1637867",
          "CSAFPID-1637868",
          "CSAFPID-1637869",
          "CSAFPID-1637870",
          "CSAFPID-1637871",
          "CSAFPID-1637872",
          "CSAFPID-1637873",
          "CSAFPID-1637874",
          "CSAFPID-1637875",
          "CSAFPID-1637876",
          "CSAFPID-1637877",
          "CSAFPID-1637878",
          "CSAFPID-1637879",
          "CSAFPID-1637880",
          "CSAFPID-1637881",
          "CSAFPID-1637882",
          "CSAFPID-1637883"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37994",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37994.json"
        }
      ],
      "title": "CVE-2024-37994"
    },
    {
      "cve": "CVE-2024-37995",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637577",
          "CSAFPID-1637578",
          "CSAFPID-1637579",
          "CSAFPID-1637580",
          "CSAFPID-1637581",
          "CSAFPID-1637582",
          "CSAFPID-1637583",
          "CSAFPID-1637584",
          "CSAFPID-1637585",
          "CSAFPID-1637586",
          "CSAFPID-1637587",
          "CSAFPID-1637588",
          "CSAFPID-1637589",
          "CSAFPID-1637590",
          "CSAFPID-1637591",
          "CSAFPID-1637592",
          "CSAFPID-1637593",
          "CSAFPID-1637594",
          "CSAFPID-1637595",
          "CSAFPID-1637596",
          "CSAFPID-1637597",
          "CSAFPID-1637598",
          "CSAFPID-1637599",
          "CSAFPID-1637600",
          "CSAFPID-1637601",
          "CSAFPID-1637602",
          "CSAFPID-1637603",
          "CSAFPID-1637857",
          "CSAFPID-1637858",
          "CSAFPID-1637859",
          "CSAFPID-1637860",
          "CSAFPID-1637861",
          "CSAFPID-1637862",
          "CSAFPID-1637863",
          "CSAFPID-1637864",
          "CSAFPID-1637865",
          "CSAFPID-1637866",
          "CSAFPID-1637867",
          "CSAFPID-1637868",
          "CSAFPID-1637869",
          "CSAFPID-1637870",
          "CSAFPID-1637871",
          "CSAFPID-1637872",
          "CSAFPID-1637873",
          "CSAFPID-1637874",
          "CSAFPID-1637875",
          "CSAFPID-1637876",
          "CSAFPID-1637877",
          "CSAFPID-1637878",
          "CSAFPID-1637879",
          "CSAFPID-1637880",
          "CSAFPID-1637881",
          "CSAFPID-1637882",
          "CSAFPID-1637883"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37995",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37995.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637577",
            "CSAFPID-1637578",
            "CSAFPID-1637579",
            "CSAFPID-1637580",
            "CSAFPID-1637581",
            "CSAFPID-1637582",
            "CSAFPID-1637583",
            "CSAFPID-1637584",
            "CSAFPID-1637585",
            "CSAFPID-1637586",
            "CSAFPID-1637587",
            "CSAFPID-1637588",
            "CSAFPID-1637589",
            "CSAFPID-1637590",
            "CSAFPID-1637591",
            "CSAFPID-1637592",
            "CSAFPID-1637593",
            "CSAFPID-1637594",
            "CSAFPID-1637595",
            "CSAFPID-1637596",
            "CSAFPID-1637597",
            "CSAFPID-1637598",
            "CSAFPID-1637599",
            "CSAFPID-1637600",
            "CSAFPID-1637601",
            "CSAFPID-1637602",
            "CSAFPID-1637603",
            "CSAFPID-1637857",
            "CSAFPID-1637858",
            "CSAFPID-1637859",
            "CSAFPID-1637860",
            "CSAFPID-1637861",
            "CSAFPID-1637862",
            "CSAFPID-1637863",
            "CSAFPID-1637864",
            "CSAFPID-1637865",
            "CSAFPID-1637866",
            "CSAFPID-1637867",
            "CSAFPID-1637868",
            "CSAFPID-1637869",
            "CSAFPID-1637870",
            "CSAFPID-1637871",
            "CSAFPID-1637872",
            "CSAFPID-1637873",
            "CSAFPID-1637874",
            "CSAFPID-1637875",
            "CSAFPID-1637876",
            "CSAFPID-1637877",
            "CSAFPID-1637878",
            "CSAFPID-1637879",
            "CSAFPID-1637880",
            "CSAFPID-1637881",
            "CSAFPID-1637882",
            "CSAFPID-1637883"
          ]
        }
      ],
      "title": "CVE-2024-37995"
    },
    {
      "cve": "CVE-2024-38355",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-855579",
          "CSAFPID-1637480",
          "CSAFPID-1637481",
          "CSAFPID-165973",
          "CSAFPID-186768",
          "CSAFPID-1637482",
          "CSAFPID-1637483",
          "CSAFPID-1637884",
          "CSAFPID-1637885",
          "CSAFPID-1637886",
          "CSAFPID-1637616",
          "CSAFPID-1637617",
          "CSAFPID-1637887",
          "CSAFPID-1501188",
          "CSAFPID-1501192",
          "CSAFPID-1637888",
          "CSAFPID-1501193",
          "CSAFPID-1501191",
          "CSAFPID-1501189",
          "CSAFPID-766096"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38355",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38355.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-855579",
            "CSAFPID-1637480",
            "CSAFPID-1637481",
            "CSAFPID-165973",
            "CSAFPID-186768",
            "CSAFPID-1637482",
            "CSAFPID-1637483",
            "CSAFPID-1637884",
            "CSAFPID-1637885",
            "CSAFPID-1637886",
            "CSAFPID-1637616",
            "CSAFPID-1637617",
            "CSAFPID-1637887",
            "CSAFPID-1501188",
            "CSAFPID-1501192",
            "CSAFPID-1637888",
            "CSAFPID-1501193",
            "CSAFPID-1501191",
            "CSAFPID-1501189",
            "CSAFPID-766096"
          ]
        }
      ],
      "title": "CVE-2024-38355"
    },
    {
      "cve": "CVE-2024-41170",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1465025",
          "CSAFPID-1476361",
          "CSAFPID-1637816",
          "CSAFPID-1637817"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-41170",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41170.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1465025",
            "CSAFPID-1476361",
            "CSAFPID-1637816",
            "CSAFPID-1637817"
          ]
        }
      ],
      "title": "CVE-2024-41170"
    },
    {
      "cve": "CVE-2024-41171",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637606",
          "CSAFPID-1637607",
          "CSAFPID-1637608",
          "CSAFPID-1457969",
          "CSAFPID-1637627",
          "CSAFPID-1637762",
          "CSAFPID-1637628",
          "CSAFPID-455030"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-41171",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41171.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637606",
            "CSAFPID-1637607",
            "CSAFPID-1637608",
            "CSAFPID-1457969",
            "CSAFPID-1637627",
            "CSAFPID-1637762",
            "CSAFPID-1637628",
            "CSAFPID-455030"
          ]
        }
      ],
      "title": "CVE-2024-41171"
    },
    {
      "cve": "CVE-2024-42344",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1494867",
          "CSAFPID-894438"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-42344",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42344.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1494867",
            "CSAFPID-894438"
          ]
        }
      ],
      "title": "CVE-2024-42344"
    },
    {
      "cve": "CVE-2024-42345",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Session Fixation",
          "title": "CWE-384"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1496914",
          "CSAFPID-218852"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-42345",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42345.json"
        }
      ],
      "title": "CVE-2024-42345"
    },
    {
      "cve": "CVE-2024-43781",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637606",
          "CSAFPID-1637608",
          "CSAFPID-1457969",
          "CSAFPID-1637627",
          "CSAFPID-1637628",
          "CSAFPID-455030"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-43781",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43781.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637606",
            "CSAFPID-1637608",
            "CSAFPID-1457969",
            "CSAFPID-1637627",
            "CSAFPID-1637628",
            "CSAFPID-455030"
          ]
        }
      ],
      "title": "CVE-2024-43781"
    },
    {
      "cve": "CVE-2024-44087",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1553852",
          "CSAFPID-1637609",
          "CSAFPID-1637610",
          "CSAFPID-1637629",
          "CSAFPID-1637630",
          "CSAFPID-1637631"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-44087",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44087.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1553852",
            "CSAFPID-1637609",
            "CSAFPID-1637610",
            "CSAFPID-1637629",
            "CSAFPID-1637630",
            "CSAFPID-1637631"
          ]
        }
      ],
      "title": "CVE-2024-44087"
    },
    {
      "cve": "CVE-2024-45032",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637611",
          "CSAFPID-1637612",
          "CSAFPID-1637809",
          "CSAFPID-1637810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45032",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45032.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637611",
            "CSAFPID-1637612",
            "CSAFPID-1637809",
            "CSAFPID-1637810"
          ]
        }
      ],
      "title": "CVE-2024-45032"
    }
  ]
}

CNVD-2024-38025

Vulnerability from cnvd - Published: 2024-09-12

Title

Siemens User Management Component (UMC) 堆缓冲区溢出漏洞

Description

SIMATIC PCS neo是一个分布式控制系统（DCS）。SINEC NMS是面向数字企业的新一代网络管理系统（NMS）。该系统可用于集中监控、管理和配置网络。Totally Integrated Automation Portal (TIA Portal)是一款PC软件，提供对西门子全方位数字化自动化服务的访问，从数字规划和集成工程到透明操作。 User Management Component (UMC)是一个集成组件，可以在系统范围内对用户进行集中维护。 Siemens User Management Component (UMC) 存在堆缓冲区溢出漏洞，攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Siemens User Management Component (UMC) 堆缓冲区溢出漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Impacted products

Name
['Siemens SINEC NMS', 'Siemens Totally Integrated Automation Portal (TIA Portal) V16', 'Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18', 'Siemens SIMATIC PCS neo V4.0', 'Siemens SIMATIC Information Server 2022', 'Siemens SIMATIC PCS neo V4.1', 'Siemens SIMATIC PCS neo V5.0', 'Siemens Totally Integrated Automation Portal (TIA Portal) V19']

Name

['Siemens SINEC NMS', 'Siemens Totally Integrated Automation Portal (TIA Portal) V16', 'Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18', 'Siemens SIMATIC PCS neo V4.0', 'Siemens SIMATIC Information Server 2022', 'Siemens SIMATIC PCS neo V4.1', 'Siemens SIMATIC PCS neo V5.0', 'Siemens Totally Integrated Automation Portal (TIA Portal) V19']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-33698"
    }
  },
  "description": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\n\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38025",
  "openTime": "2024-09-12",
  "patchDescription": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\r\n\r\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SINEC NMS",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V16",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V17",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V18",
      "Siemens SIMATIC PCS neo V4.0",
      "Siemens SIMATIC Information Server 2022",
      "Siemens SIMATIC PCS neo V4.1",
      "Siemens SIMATIC PCS neo V5.0",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V19"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-09-12",
  "title": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

SSA-039007

Vulnerability from csaf_siemens - Published: 2024-09-10 00:00 - Updated: 2025-10-14 00:00

Summary

SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)

Notes

Summary

Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
      },
      {
        "category": "self",
        "summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-039007.json"
      }
    ],
    "title": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)",
    "tracking": {
      "current_release_date": "2025-10-14T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-039007",
      "initial_release_date": "2024-09-10T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-09-10T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-10-08T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19 and clarified formulation for mitigation"
        },
        {
          "date": "2024-11-12T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added affected products Opcenter Execution Foundation, Opcenter Quality and Opcenter RDL. Added fix for Totally Integrated Automation Portal (TIA Portal) V18. Clarified no fix planned for product Totally Integrated Automation Portal (TIA Portal) V16"
        },
        {
          "date": "2025-01-14T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added fix for SIMATIC PCS neo V5.0. Removed SIMATIC Information Server 2022 and SIMATIC Information Server 2024 as not affected"
        },
        {
          "date": "2025-03-11T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added SINEMA Remote Connect Client as affected product including fix"
        },
        {
          "date": "2025-05-13T00:00:00Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Updated remediation for SINEC NMS to point directly to the update of UMC"
        },
        {
          "date": "2025-10-14T00:00:00Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added remediation for Opcenter RDnL and Opcenter Quality"
        }
      ],
      "status": "interim",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2406",
                "product": {
                  "name": "Opcenter Quality",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "Opcenter Quality"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2410",
                "product": {
                  "name": "Opcenter RDnL",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "Opcenter RDnL"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC PCS neo V4.0",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS neo V4.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V4.1 Update 2",
                "product": {
                  "name": "SIMATIC PCS neo V4.1",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS neo V4.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V5.0 Update 1",
                "product": {
                  "name": "SIMATIC PCS neo V5.0",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS neo V5.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SINEC NMS",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "SINEC NMS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V3.2 SP3",
                "product": {
                  "name": "SINEMA Remote Connect Client",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "SINEMA Remote Connect Client"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V16",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V16"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V17 Update 8",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V17",
                  "product_id": "9"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V17"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V18 Update 5",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V18",
                  "product_id": "10"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V18"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V19 Update 3",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V19",
                  "product_id": "11"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V19"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-33698",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Filter the ports 4002 and 4004 to only accept connections to/from the IP addresses of machines that run UMC and are part of the UMC network e.g. with an external firewall",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11"
          ]
        },
        {
          "category": "mitigation",
          "details": "In addition if no RT server machines are used, port 4004 can be blocked completely",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "3",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V17 Update 8 or later version",
          "product_ids": [
            "9"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V18 Update 5 or later version",
          "product_ids": [
            "10"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109817218/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V19 Update 3 or later version",
          "product_ids": [
            "11"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2406 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2410 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/product/297341591/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V3.2 SP3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109976964/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V4.1 Update 2 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109972354/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0 Update 1 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109977244/"
        },
        {
          "category": "vendor_fix",
          "details": "Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/",
          "product_ids": [
            "6"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11"
          ]
        }
      ],
      "title": "CVE-2024-33698"
    }
  ]
}

CERTFR-2024-AVI-0757

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC BATCH V9.1 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC IPC DiagBase toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC IPC DiagMonitor toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC Information Server 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Information Server 2024 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC PCS 7 V9.1 toutes versions
Siemens	N/A	SIMATIC PCS neo V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-33698.
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Process Historian 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SCALANCE W700 802.11 AX versions antérieures à V2.4.0
Siemens	N/A	SICAM SCC versions antérieures à V10.0
Siemens	N/A	SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-1 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-7 LTE versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC PCS neo V4.1 versions antérieures à V4.1 Update 2
Siemens	N/A	SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions antérieures à V4.2
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V18 toutes versions
Siemens	N/A	SIMATIC S7-200 SMART toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-43647.
Siemens	N/A	SIMATIC WinCC Runtime Advanced toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC WinCC Runtime Professional V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC Runtime Professional V20 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC V7.4 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-35783.
Siemens	N/A	SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC WinCC V7.5 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC V8.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V19 toutes versions
Siemens	N/A	SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC RF1140R (6GT2831-6CB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC RF1170R (6GT2831-6BB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.2
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 18
Siemens	N/A	SIMATIC WinCC V8.0 versions antérieures à V8.0 Update 5
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V17 versions antérieures à V17 Update 8

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-721642	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-969738	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-673996	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-773256	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-423808	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-039007	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-629254	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-765405	2024-09-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC BATCH V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagBase toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagMonitor toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 802.11 AX versions ant\u00e9rieures \u00e0 V2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM SCC versions ant\u00e9rieures \u00e0 V10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.1 versions ant\u00e9rieures \u00e0 V4.1 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V18 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-200 SMART toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-43647.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V19 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1140R (6GT2831-6CB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1170R (6GT2831-6BB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V17 versions ant\u00e9rieures \u00e0 V17 Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43647"
    },
    {
      "name": "CVE-2024-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37995"
    },
    {
      "name": "CVE-2024-37990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37990"
    },
    {
      "name": "CVE-2024-37993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37993"
    },
    {
      "name": "CVE-2024-37991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37991"
    },
    {
      "name": "CVE-2023-30756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30756"
    },
    {
      "name": "CVE-2024-33698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33698"
    },
    {
      "name": "CVE-2024-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37992"
    },
    {
      "name": "CVE-2024-34057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34057"
    },
    {
      "name": "CVE-2023-30755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30755"
    },
    {
      "name": "CVE-2023-28827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28827"
    },
    {
      "name": "CVE-2023-44373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
    },
    {
      "name": "CVE-2024-35783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35783"
    },
    {
      "name": "CVE-2024-38355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38355"
    },
    {
      "name": "CVE-2024-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37994"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0757",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-721642",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-969738",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-969738.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-673996",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-673996.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-773256",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-773256.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-423808",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-039007",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-629254",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-765405",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
    }
  ]
}

CERTFR-2024-AVI-0757

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC BATCH V9.1 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC IPC DiagBase toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC IPC DiagMonitor toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC Information Server 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Information Server 2024 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC PCS 7 V9.1 toutes versions
Siemens	N/A	SIMATIC PCS neo V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-33698.
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Process Historian 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SCALANCE W700 802.11 AX versions antérieures à V2.4.0
Siemens	N/A	SICAM SCC versions antérieures à V10.0
Siemens	N/A	SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-1 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-7 LTE versions antérieures à V3.5.20
Siemens	N/A	SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC PCS neo V4.1 versions antérieures à V4.1 Update 2
Siemens	N/A	SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions antérieures à V4.2
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V18 toutes versions
Siemens	N/A	SIMATIC S7-200 SMART toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-43647.
Siemens	N/A	SIMATIC WinCC Runtime Advanced toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC WinCC Runtime Professional V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC Runtime Professional V20 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC V7.4 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-35783.
Siemens	N/A	SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC WinCC V7.5 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC V8.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V19 toutes versions
Siemens	N/A	SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC RF1140R (6GT2831-6CB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC RF1170R (6GT2831-6BB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.2
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 18
Siemens	N/A	SIMATIC WinCC V8.0 versions antérieures à V8.0 Update 5
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V17 versions antérieures à V17 Update 8

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-721642	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-969738	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-673996	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-773256	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-423808	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-039007	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-629254	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-765405	2024-09-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC BATCH V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagBase toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagMonitor toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 802.11 AX versions ant\u00e9rieures \u00e0 V2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM SCC versions ant\u00e9rieures \u00e0 V10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.1 versions ant\u00e9rieures \u00e0 V4.1 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V18 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-200 SMART toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-43647.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V19 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1140R (6GT2831-6CB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1170R (6GT2831-6BB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V17 versions ant\u00e9rieures \u00e0 V17 Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43647"
    },
    {
      "name": "CVE-2024-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37995"
    },
    {
      "name": "CVE-2024-37990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37990"
    },
    {
      "name": "CVE-2024-37993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37993"
    },
    {
      "name": "CVE-2024-37991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37991"
    },
    {
      "name": "CVE-2023-30756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30756"
    },
    {
      "name": "CVE-2024-33698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33698"
    },
    {
      "name": "CVE-2024-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37992"
    },
    {
      "name": "CVE-2024-34057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34057"
    },
    {
      "name": "CVE-2023-30755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30755"
    },
    {
      "name": "CVE-2023-28827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28827"
    },
    {
      "name": "CVE-2023-44373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
    },
    {
      "name": "CVE-2024-35783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35783"
    },
    {
      "name": "CVE-2024-38355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38355"
    },
    {
      "name": "CVE-2024-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37994"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0757",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-721642",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-969738",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-969738.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-673996",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-673996.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-773256",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-773256.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-423808",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-039007",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-629254",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-765405",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
    }
  ]
}

FKIE_CVE-2024-33698

Vulnerability from fkie_nvd - Published: 2024-09-10 10:15 - Updated: 2025-10-14 10:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones \u0026lt; V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones \u0026lt; V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2024-33698",
  "lastModified": "2025-10-14T10:15:34.373",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-09-10T10:15:09.707",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2024-2093

Vulnerability from csaf_certbund - Published: 2024-09-09 22:00 - Updated: 2024-09-09 22:00

Summary

Siemens TIA Portal: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

TIA-Portal ist ein Automatisierungsframework für Steuerungen und andere Automatisierungsgeräte der SIMATIC-Serie.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens TIA Portal ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "TIA-Portal ist ein Automatisierungsframework f\u00fcr Steuerungen und andere Automatisierungsger\u00e4te der SIMATIC-Serie.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens TIA Portal ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2093 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2093.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2093 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2093"
      },
      {
        "category": "external",
        "summary": "SiemensSecurity Advisory by Siemens ProductCERT vom 2024-09-09",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Siemens TIA Portal: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-09-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-10T11:04:56.560+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-2093",
      "initial_release_date": "2024-09-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-09-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V16",
                "product": {
                  "name": "Siemens TIA Portal V16",
                  "product_id": "T027140",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:siemens:tia_portal:v16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cV17 Update 8",
                "product": {
                  "name": "Siemens TIA Portal \u003cV17 Update 8",
                  "product_id": "T037396"
                }
              },
              {
                "category": "product_version",
                "name": "V17 Update 8",
                "product": {
                  "name": "Siemens TIA Portal V17 Update 8",
                  "product_id": "T037396-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:siemens:tia_portal:v17_update_8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "UMC \u003cV2.13.1",
                "product": {
                  "name": "Siemens TIA Portal UMC \u003cV2.13.1",
                  "product_id": "T037406"
                }
              },
              {
                "category": "product_version",
                "name": "UMC V2.13.1",
                "product": {
                  "name": "Siemens TIA Portal UMC V2.13.1",
                  "product_id": "T037406-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:siemens:tia_portal:umc__v2.13.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TIA Portal"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-33698",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Siemens TIA Portal. Die Ursache ist ein Heap-basierter Puffer \u00dcberlauf in der User Management Komponente (UMC). Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren ."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027140",
          "T037406",
          "T037396"
        ]
      },
      "release_date": "2024-09-09T22:00:00.000+00:00",
      "title": "CVE-2024-33698"
    }
  ]
}

GSD-2024-33698

Vulnerability from gsd - Updated: 2024-04-27 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-33698

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-33698"
      ],
      "id": "GSD-2024-33698",
      "modified": "2024-04-27T05:02:18.315544Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-33698",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

ICSA-24-256-03

Vulnerability from csaf_cisa - Published: 2024-09-10 00:00 - Updated: 2025-10-14 00:00

Summary

Siemens User Management Component (UMC)

Notes

Summary

General Recommendations

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-039007 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Tenable",
        "summary": "reporting this vulnerability to Siemens."
      },
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting this vulnerability to CISA."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-039007 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-039007.json"
      },
      {
        "category": "self",
        "summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-256-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-256-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      }
    ],
    "title": "Siemens User Management Component (UMC)",
    "tracking": {
      "current_release_date": "2025-10-14T00:00:00.000000Z",
      "generator": {
        "date": "2025-10-16T21:33:12.918825Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-256-03",
      "initial_release_date": "2024-09-10T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-09-10T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-10-08T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19 and clarified formulation for mitigation"
        },
        {
          "date": "2024-11-12T00:00:00.000000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added affected products Opcenter Execution Foundation, Opcenter Quality and Opcenter RDL. Added fix for Totally Integrated Automation Portal (TIA Portal) V18. Clarified no fix planned for product Totally Integrated Automation Portal (TIA Portal) V16"
        },
        {
          "date": "2025-01-14T00:00:00.000000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added fix for SIMATIC PCS neo V5.0. Removed SIMATIC Information Server 2022 and SIMATIC Information Server 2024 as not affected"
        },
        {
          "date": "2025-03-11T00:00:00.000000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added SINEMA Remote Connect Client as affected product including fix"
        },
        {
          "date": "2025-05-13T00:00:00.000000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Updated remediation for SINEC NMS to point directly to the update of UMC"
        },
        {
          "date": "2025-10-14T00:00:00.000000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added remediation for Opcenter RDnL and Opcenter Quality"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2406",
                "product": {
                  "name": "Opcenter Quality",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Opcenter Quality"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2410",
                "product": {
                  "name": "Opcenter RDnL",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Opcenter RDnL"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC PCS neo V4.0",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS neo V4.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV4.1_Update_2",
                "product": {
                  "name": "SIMATIC PCS neo V4.1",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS neo V4.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV5.0_Update_1",
                "product": {
                  "name": "SIMATIC PCS neo V5.0",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS neo V5.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SINEC NMS",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "SINEC NMS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV3.2_SP3",
                "product": {
                  "name": "SINEMA Remote Connect Client",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "SINEMA Remote Connect Client"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V16",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V16"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV17_Update_8",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V17",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V17"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV18_Update_5",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V18",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V18"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV19_Update_3",
                "product": {
                  "name": "Totally Integrated Automation Portal (TIA Portal) V19",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "Totally Integrated Automation Portal (TIA Portal) V19"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-33698",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Filter the ports 4002 and 4004 to only accept connections to/from the IP addresses of machines that run UMC and are part of the UMC network e.g. with an external firewall",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011"
          ]
        },
        {
          "category": "mitigation",
          "details": "In addition if no RT server machines are used, port 4004 can be blocked completely",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V17 Update 8 or later version",
          "product_ids": [
            "CSAFPID-0009"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V18 Update 5 or later version",
          "product_ids": [
            "CSAFPID-0010"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109817218/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V19 Update 3 or later version",
          "product_ids": [
            "CSAFPID-0011"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2406 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2410 or later version",
          "product_ids": [
            "CSAFPID-0002"
          ],
          "url": "https://support.sw.siemens.com/product/297341591/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V3.2 SP3 or later version",
          "product_ids": [
            "CSAFPID-0007"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109976964/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V4.1 Update 2 or later version",
          "product_ids": [
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109972354/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0 Update 1 or later version",
          "product_ids": [
            "CSAFPID-0005"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109977244/"
        },
        {
          "category": "vendor_fix",
          "details": "Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/",
          "product_ids": [
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011"
          ]
        }
      ],
      "title": "CVE-2024-33698"
    }
  ]
}

GHSA-5J8G-CMHW-G45P

Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2024-09-10 12:30

Details

A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-33698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T10:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
  "id": "GHSA-5j8g-cmhw-g45p",
  "modified": "2024-09-10T12:30:37Z",
  "published": "2024-09-10T12:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33698"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-33698 (GCVE-0-2024-33698)

Solutions

Solutions

Tags

Sightings

Nomenclature