9.8
CVE-2024-49775
- EPSS 0.51%
- Published 16.12.2024 15:15:07
- Last modified 11.03.2025 10:15:14
- Source productcert@siemens.com
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor | Product | Default Status | Version < | Version | Status |
---|---|---|---|---|---|
Siemens | Opcenter Execution Foundation | unknown | * | 0 | affected |
Siemens | Opcenter Intelligence | unknown | * | 0 | affected |
Siemens | Opcenter Quality | unknown | * | 0 | affected |
Siemens | Opcenter RDL | unknown | * | 0 | affected |
Siemens | SIMATIC PCS neo V4.0 | unknown | * | 0 | affected |
Siemens | SIMATIC PCS neo V4.1 | unknown | V4.1 Update 3 | 0 | affected |
Siemens | SIMATIC PCS neo V5.0 | unknown | V5.0 Update 1 | 0 | affected |
Siemens | SINEC NMS | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V16 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V17 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V18 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V19 | unknown | * | 0 | affected |
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.51% | 0.655 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
productcert@siemens.com | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
productcert@siemens.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().