9.8
CVE-2024-49775
- EPSS 0.51%
- Published 16.12.2024 15:15:07
- Last modified 11.03.2025 10:15:14
- Source productcert@siemens.com
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor | Product | Default Status | Version < | Version | Status |
---|---|---|---|---|---|
Siemens | Opcenter Execution Foundation | unknown | * | 0 | affected |
Siemens | Opcenter Intelligence | unknown | * | 0 | affected |
Siemens | Opcenter Quality | unknown | * | 0 | affected |
Siemens | Opcenter RDL | unknown | * | 0 | affected |
Siemens | SIMATIC PCS neo V4.0 | unknown | * | 0 | affected |
Siemens | SIMATIC PCS neo V4.1 | unknown | V4.1 Update 3 | 0 | affected |
Siemens | SIMATIC PCS neo V5.0 | unknown | V5.0 Update 1 | 0 | affected |
Siemens | SINEC NMS | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V16 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V17 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V18 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V19 | unknown | * | 0 | affected |
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.51% | 0.655 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
productcert@siemens.com | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
productcert@siemens.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().