CVE-2024-49775

Summary

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
SiemensOpcenter Execution Foundation0 < V2501.0001affected
SiemensOpcenter Intelligence0 < V2501.0001affected
SiemensOpcenter Quality0 < V2512affected
SiemensOpcenter RDnL0 < V2410affected
SiemensSIMATIC PCS neo V4.00 < *affected
SiemensSIMATIC PCS neo V4.10 < V4.1 Update 3affected
SiemensSIMATIC PCS neo V5.00 < V5.0 Update 1affected
SiemensSINEC NMS0 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V160 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V170 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V180 < *affected
SiemensTotally Integrated Automation Portal (TIA Portal) V190 < *affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References