Heap-Based Buffer Overflow in Opcenter and SIMATIC Products by Siemens
CVE-2024-33698

9.3CRITICAL

Key Information:

Vendor: Siemens
Status: Opcenter Execution Foundation; Opcenter Quality; Opcenter Rdl; Simatic Pcs Neo V4.0
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-33698?

A critical security vulnerability exists within the integrated UMC component of various Siemens products, including Opcenter and SIMATIC series. This vulnerability is characterized as a heap-based buffer overflow, which could potentially enable an unauthenticated remote attacker to execute arbitrary code on the affected systems. This flaw underscores the importance of regular updates and security patch management to protect industrial applications from malicious exploitation.

Affected Version(s)

Opcenter Execution Foundation 0

Opcenter Quality 0

Opcenter RDL 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0390...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Apr 26, 2024