Heap-Based Buffer Overflow in Opcenter and SIMATIC Products by Siemens
CVE-2024-33698

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Opcenter Execution Foundation; Opcenter Quality; Opcenter Rdl; Simatic Information Server 2022
Vendor: CVE Published:; 10 September 2024

Summary

A critical security vulnerability exists within the integrated UMC component of various Siemens products, including Opcenter and SIMATIC series. This vulnerability is characterized as a heap-based buffer overflow, which could potentially enable an unauthenticated remote attacker to execute arbitrary code on the affected systems. This flaw underscores the importance of regular updates and security patch management to protect industrial applications from malicious exploitation.

Affected Version(s)

Opcenter Execution Foundation 0

Opcenter Quality 0

Opcenter RDL 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0390...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Apr 26, 2024