CVE-2024-33698

Summary

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
SiemensOpcenter Quality0 < V2406affected
SiemensOpcenter RDnL0 < V2410affected
SiemensSIMATIC PCS neo V4.00 < *affected
SiemensSIMATIC PCS neo V4.10 < V4.1 Update 2affected
SiemensSIMATIC PCS neo V5.00 < V5.0 Update 1affected
SiemensSINEC NMS0 < *affected
SiemensSINEMA Remote Connect Client0 < V3.2 SP3affected
SiemensTotally Integrated Automation Portal (TIA Portal) V160 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V170 < V17 Update 8affected
SiemensTotally Integrated Automation Portal (TIA Portal) V180 < V18 Update 5affected
SiemensTotally Integrated Automation Portal (TIA Portal) V190 < V19 Update 3affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References